You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Peter Somogyi (Jira)" <ji...@apache.org> on 2021/12/14 09:28:00 UTC

[jira] [Created] (HBASE-26570) Upgrade to log4j 2.16.0

Peter Somogyi created HBASE-26570:
-------------------------------------

             Summary: Upgrade to log4j 2.16.0
                 Key: HBASE-26570
                 URL: https://issues.apache.org/jira/browse/HBASE-26570
             Project: HBase
          Issue Type: Umbrella
          Components: dependencies, hbase-operator-tools
            Reporter: Peter Somogyi
            Assignee: Peter Somogyi


Log4j just release version 2.16.0 where jndi is turned off by default. Based on the release announcement it is not required to fix CVE-2021-44228 but recommended. 

[https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)