Uploaded image for project: 'Quarkus'
  1. Quarkus
  2. QUARKUS-1731

Missing log4j-api dependency in maven repo zip

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 2.2.5.GA, 2.2.5.CR1
    • 2.2.5.ER2, 2.2.5.ER3
    • team/prod
    • None

    Description

      org.apache.logging.log4j:log4j-api:jar:2.17.0.redhat-00001 is in product BOM

      Ref: http://indy.psi.redhat.com/api/content/maven/hosted/pnc-builds/com/redhat/quarkus/platform/quarkus-bom/2.2.5.Final-redhat-00003/quarkus-bom-2.2.5.Final-redhat-00003.pom

      Explicit log4j-api dependency is included because of CVEs storm before Christmas - https://github.com/quarkusio/quarkus/blob/2.2.5.Final/bom/application/pom.xml#L2785

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. QUARKUS-1717 Manage to log4j-api in RHBQ 2.2.5

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              sausingh@redhat.com Saumya Singh
              rhn-support-pagonzal Pablo Gonzalez Granados (Inactive)
              Pablo Gonzalez Granados Pablo Gonzalez Granados (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: