Azure / azure-data-lake-store-java

Microsoft Azure Data Lake Store Filesystem Library for Java

Release 2.3.10. Update log4j and junit #50

Closed akharit closed 2 years ago

akharit commented 2 years ago

Update log4j to mitigate CVE-2021-44228.

Also update junit.

rkettelerij commented 2 years ago

@akharit it's always good to upgrade vulnerable dependencies but I think azure-data-lake-store-java isn't vulnerable to this CVE since log4j-core has Maven scope test. Meaning it is not part of the final product and there's no risk for end users here. What do you think?

akharit commented 2 years ago

@rkettelerij You are correct. This shouldn't have required a new release. I'll be merging the log4j 2.16 as well, but not make a new release for that.
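The scope check discussed in the comments above, as an added example that is not part of the original thread or the project's code: it reads a POM and reports which direct dependencies Maven passes on to consumers of the library. The sample POM, its versions, and the function names `effective_scopes` and `shipped` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Scopes that Maven passes on to consumers of a published library.
SHIPPED_SCOPES = {"compile", "runtime"}

# Constructed sample POM for illustration; not the project's actual pom.xml.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencyManagement><dependencies><dependency>
    <groupId>org.apache.logging.log4j</groupId><artifactId>log4j-core</artifactId>
    <version>2.16.0</version><scope>test</scope>
  </dependency></dependencies></dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>org.apache.logging.log4j</groupId><artifactId>log4j-core</artifactId>
    </dependency>
    <dependency>
      <groupId>org.apache.logging.log4j</groupId><artifactId>log4j-api</artifactId>
      <version>2.16.0</version>
    </dependency>
  </dependencies>
</project>"""

def _text(dep, name):
    """Return the stripped text of a child element, or None if absent or empty."""
    node = dep.find("m:" + name, NS)
    return node.text.strip() if node is not None and node.text else None

def effective_scopes(pom_xml):
    """Map 'groupId:artifactId' to the scope applied to each direct dependency."""
    root = ET.fromstring(pom_xml)
    managed = {}
    for dep in root.findall("m:dependencyManagement/m:dependencies/m:dependency", NS):
        managed[(_text(dep, "groupId"), _text(dep, "artifactId"))] = _text(dep, "scope")
    scopes = {}
    for dep in root.findall("m:dependencies/m:dependency", NS):
        key = (_text(dep, "groupId"), _text(dep, "artifactId"))
        # Explicit scope wins, then a managed scope, then Maven's default "compile".
        scopes[":".join(key)] = _text(dep, "scope") or managed.get(key) or "compile"
    return scopes

def shipped(pom_xml, artifact_id):
    """Return coordinates matching artifact_id that reach consumers' classpaths."""
    return [ga for ga, scope in effective_scopes(pom_xml).items()
            if ga.endswith(":" + artifact_id) and scope in SHIPPED_SCOPES]

if __name__ == "__main__":
    print(effective_scopes(SAMPLE_POM))
    print("log4j-core shipped to consumers:", shipped(SAMPLE_POM, "log4j-core"))
```

This inspects only the direct declarations in a single POM; scopes inherited from a parent POM and transitive dependencies need Maven's resolved tree (`mvn dependency:tree`).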