Would it be possible in the next release of Ignite to upgrade the 3rd party component /opt/ignite/apache-ignite/libs/optional/ignite-rest-http/log4j-1.2.17.jar to log4j-core-2.13.3.jar?
This component log4j-1.2.17.jar is flagged as having a critical security vulnerability which is described here: https://nvd.nist.gov/vuln/detail/CVE-2019-17571 The latest version of this component appears to be 2.13.3 which should resolve the vulnerability: https://logging.apache.org/log4j/2.x/download.html. Thanks, Andrew Story -- Sent from: http://apache-ignite-users.70518.x6.nabble.com/
