Actually, as we are a sole SDK it might be ok to ship because we are not included in containers, i.e. but rather in the Storm Runtime environment.
I cannot remember on which version Storm 2.7.0 is running but if there is a difference, we should most likely downgrade. Gruß and Thx Richard Am 12. November 2024 18:19:47 MEZ schrieb Tim Allison <talli...@apache.org>: >Over on POI and in other libraries throughout the Java land, there's a >problem with log4j2 that may or may not affect us. > >The POI discussion is here: >https://lists.apache.org/thread/bkb5y7mj3v3sld9sbk4r6jgmccs4k61j > >The log4j2 issues are here: >https://github.com/apache/logging-log4j2/issues/3143 >https://github.com/apache/logging-log4j2/issues/3196 > >Will this be a problem for us? Should we downgrade? > >Best, > > Tim