You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Peter Somogyi (Jira)" <ji...@apache.org> on 2021/12/14 20:38:00 UTC
[jira] [Resolved] (HBASE-26570) Upgrade to log4j 2.16.0
[ https://issues.apache.org/jira/browse/HBASE-26570?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Peter Somogyi resolved HBASE-26570.
-----------------------------------
Resolution: Done
> Upgrade to log4j 2.16.0
> -----------------------
>
> Key: HBASE-26570
> URL: https://issues.apache.org/jira/browse/HBASE-26570
> Project: HBase
> Issue Type: Umbrella
> Components: dependencies
> Reporter: Peter Somogyi
> Assignee: Peter Somogyi
> Priority: Major
>
> Log4j just release version 2.16.0 where jndi is turned off by default. Based on the release announcement it is not required to fix CVE-2021-44228 but recommended.
> [https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)