Unverified commit 5a7acd8b, authored by: Nitesh Mor, committed by: GitHub

SEC-1307: Backporting log4j migration to confluent-repackaged version (#401)

* MINOR: log4j migration to confluent repackaged version (#362)

Context: log4j v1 reached end of life many years ago and is affected by CVE-2019-17571.
The Confluent repackaged version of log4j fixes the security vulnerabilities.

Reviewers: Ismael Juma <ismael@juma.me.uk>, Jeff Kim <jeff.kim@confluent.io>

* SEC-1334: update confluent-log4j version (#384)
Parent 5262716a
......@@ -114,6 +114,9 @@ allprojects {
libs.nettyHandler,
libs.nettyTransportNativeEpoll
)
dependencySubstitution {
substitute module("log4j:log4j:1.2.17") because "we use a custom version with security patches" with module("io.confluent:confluent-log4j:1.2.17-cp2")
}
}
}
}
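Review bot: the rule inside `dependencySubstitution` matches only the exact coordinate `log4j:log4j:1.2.17`, so a transitive dependency that requests any other log4j 1.x version would not be matched by it and could still resolve to the upstream artifact. Consider substituting on the module without a version, `substitute module("log4j:log4j")`, and, if the shared version map is in scope at this point of the build, deriving the target from it rather than repeating the literal `1.2.17-cp2`, so that a follow-up bump like the one named in the commit message touches one place only.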
......
......@@ -82,7 +82,7 @@ versions += [
jersey: "2.28",
jmh: "1.23",
hamcrest: "2.2",
log4j: "1.2.17",
log4j: "1.2.17-cp2",
scalaLogging: "3.9.2",
jaxb: "2.3.0",
jaxrs: "2.1.1",
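Review bot: on the `log4j:` entry, the value `1.2.17-cp2` is no longer an upstream log4j release number, and nothing in the map says so. A short comment above the entry stating that this is the version of the Confluent repackaged artifact, and that the same literal is repeated in the `dependencySubstitution` rule, would keep the two from drifting apart on the next bump.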
......@@ -173,7 +173,7 @@ libs += [
kafkaStreams_23: "org.apache.kafka:kafka-streams:$versions.kafka_23",
kafkaStreams_24: "org.apache.kafka:kafka-streams:$versions.kafka_24",
kafkaStreams_25: "org.apache.kafka:kafka-streams:$versions.kafka_25",
log4j: "log4j:log4j:$versions.log4j",
log4j: "io.confluent:confluent-log4j:$versions.log4j",
lz4: "org.lz4:lz4-java:$versions.lz4",
metrics: "com.yammer.metrics:metrics-core:$versions.metrics",
mockitoCore: "org.mockito:mockito-core:$versions.mockito",
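Review bot: the `log4j` key in `libs` keeps its name while its coordinate changes group and artifact to `io.confluent:confluent-log4j`, so every consumer of `libs.log4j` switches artifacts with no change at the call site. If that is intended, a comment on the entry would make it explicit; it is also worth confirming with a dependency report that no `log4j:log4j` jar remains on the runtime classpath alongside the repackaged one, since a repackaged jar would typically carry the same class names and the unpatched copy could be the one that gets loaded.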
......