Uploaded image for project: 'Quarkus'
  1. Quarkus
  2. QUARKUS-1731

Missing log4j-api dependency in maven repo zip

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • 2.2.5.GA, 2.2.5.CR1
    • 2.2.5.ER2, 2.2.5.ER3
    • team/prod
    • None

      org.apache.logging.log4j:log4j-api:jar:2.17.0.redhat-00001 is in product BOM

      Ref: http://indy.psi.redhat.com/api/content/maven/hosted/pnc-builds/com/redhat/quarkus/platform/quarkus-bom/2.2.5.Final-redhat-00003/quarkus-bom-2.2.5.Final-redhat-00003.pom

      Explicit log4j-api dependency is included because of CVEs storm before Christmas - https://github.com/quarkusio/quarkus/blob/2.2.5.Final/bom/application/pom.xml#L2785

        1. Screenshot from 2022-01-31 09-21-28.png
          Screenshot from 2022-01-31 09-21-28.png
          70 kB
        2. Screenshot from 2022-01-31 09-24-36.png
          Screenshot from 2022-01-31 09-24-36.png
          152 kB

            sausingh@redhat.com Saumya Singh
            rhn-support-pagonzal Pablo Gonzalez Granados (Inactive)
            Pablo Gonzalez Granados Pablo Gonzalez Granados (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: