Actually, as we are a sole SDK it might be ok to ship because we are not 
included in containers, i.e. but rather in the Storm Runtime environment.

I cannot remember on which version Storm 2.7.0 is running but if there is a 
difference, we should most likely downgrade.

Gruß and Thx
Richard 

Am 12. November 2024 18:19:47 MEZ schrieb Tim Allison <talli...@apache.org>:
>Over on POI and in other libraries throughout the Java land, there's a
>problem with log4j2 that may or may not affect us.
>
>The POI discussion is here:
>https://lists.apache.org/thread/bkb5y7mj3v3sld9sbk4r6jgmccs4k61j
>
>The log4j2 issues are here:
>https://github.com/apache/logging-log4j2/issues/3143
>https://github.com/apache/logging-log4j2/issues/3196
>
>Will this be a problem for us? Should we downgrade?
>
>Best,
>
>        Tim

Reply via email to