Uploaded image for project: 'Beam'
  1. Beam
  2. BEAM-11055

Update log4j to version 2.14.1

    XMLWordPrintableJSON

Details

    Description

      Beam uses a version of log4j that is reported by some security tools to have some security issues. Notice that Beam's use of log4j should not be impacted by the issue.
      See https://nvd.nist.gov/vuln/detail/CVE-2017-5645

      The update in the vendored grpc module is to ensure it gets updated too in a future release of our vendored dependencies. Notice that this is a runtime dep for users so they are free to provide their own version so less of an issue.

      Attachments

        Activity

          People

            iemejia Ismaël Mejía
            iemejia Ismaël Mejía
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 20h 10m
                20h 10m