Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(connector-node): upgrade log4j from 1.2 to 2.20 #8384

Merged
merged 2 commits into from
Mar 7, 2023
Merged

fix(connector-node): upgrade log4j from 1.2 to 2.20 #8384

merged 2 commits into from
Mar 7, 2023

Conversation

fuyufjh
Copy link
Member

@fuyufjh fuyufjh commented Mar 7, 2023
edited by yuhao-su
Loading

I hereby agree to the terms of the RisingWave Labs, Inc. Contributor License Agreement.

What's changed and what's your intention?

Upgrade log4j from 1.2 to 2.20 to fix the vulnerability alerts reported by the dependent bot.

close #8344

Checklist For Contributors

  • I have written necessary rustdoc comments
  • I have added necessary unit tests and integration tests
  • I have added fuzzing tests or opened an issue to track them. (Optional, recommended for new SQL features Sqlsmith: Sql feature generation #7934).
  • I have demonstrated that backward compatibility is not broken by breaking changes and created issues to track deprecated features to be removed in the future. (Please refer to the issue)
  • All checks passed in ./risedev check (or alias, ./risedev c)

Checklist For Reviewers

  • I have requested macro/micro-benchmarks as this PR can affect performance substantially, and the results are shown.

Documentation

  • My PR DOES NOT contain user-facing changes.
Click here for Documentation

Types of user-facing changes

Please keep the types that apply to your changes, and remove the others.

  • Installation and deployment
  • Connector (sources & sinks)
  • SQL commands, functions, and operators
  • RisingWave cluster configuration changes
  • Other (please specify in the release note below)

Release note

@fuyufjh fuyufjh requested a review from tabVersion March 7, 2023 04:40
@github-actions github-actions bot added the type/fix Bug fix label Mar 7, 2023
@fuyufjh fuyufjh enabled auto-merge March 7, 2023 04:48
liurenjie1024
liurenjie1024 approved these changes Mar 7, 2023
View reviewed changes
Copy link
Contributor

@liurenjie1024 liurenjie1024 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@fuyufjh fuyufjh added this pull request to the merge queue Mar 7, 2023
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 7, 2023
@tabVersion tabVersion added this pull request to the merge queue Mar 7, 2023
Merged via the queue into main with commit d7d0307 Mar 7, 2023
@tabVersion tabVersion deleted the eric/upgrade_log4j branch March 7, 2023 08:26
stdrc pushed a commit that referenced this pull request Mar 8, 2023
@fuyufjh @stdrc
fix(connector-node): upgrade log4j from 1.2 to 2.20 (#8384)
e7dcf85
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liurenjie1024 liurenjie1024 liurenjie1024 approved these changes

@tabVersion tabVersion tabVersion approved these changes

Assignees
No one assigned
Labels
type/fix Bug fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

log4j security alerts in java
3 participants
@fuyufjh @liurenjie1024 @tabVersion