You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Peter Somogyi (Jira)" <ji...@apache.org> on 2021/12/14 20:38:00 UTC

[jira] [Resolved] (HBASE-26570) Upgrade to log4j 2.16.0

     [ https://issues.apache.org/jira/browse/HBASE-26570?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Peter Somogyi resolved HBASE-26570.
-----------------------------------
    Resolution: Done

> Upgrade to log4j 2.16.0
> -----------------------
>
>                 Key: HBASE-26570
>                 URL: https://issues.apache.org/jira/browse/HBASE-26570
>             Project: HBase
>          Issue Type: Umbrella
>          Components: dependencies
>            Reporter: Peter Somogyi
>            Assignee: Peter Somogyi
>            Priority: Major
>
> Log4j just release version 2.16.0 where jndi is turned off by default. Based on the release announcement it is not required to fix CVE-2021-44228 but recommended. 
> [https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)