We use Pentaho Data Integration CE for daily ETL jobs in our environment. It has proven quite useful.
As a result of the recent log4j vulnerability in log4j 2.x there has been increased scrutiny on outdated versions of software and using software that is end-of-life with mgmt./security requesting information on updates/timeframes for existing applications.
PDI uses log4j-1.2.17.jar which is end-of-life. Are there any plans to upgrade all instances of log4j, specifically, to log4j version 2.17+, as well as other Java libs/packages that may be EOL as well? If so, is there an expected timeframe?
From apache log4j site: "On August 5, 2015 the Logging Services Project Management Committee announced that Log4j 1.x had reached end of life"
Thank you,
Bill Pulver