You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@helix.apache.org by Grainier Perera <gr...@apache.org> on 2022/04/01 12:41:28 UTC
Patch release for CVE-2021-44228 fix
Hi devs,
I see [1] is already addressed CVE-2021-44228 by upgrading the Log4j
version to 2.16.0. I'm wondering whether there's a plan to release a
patched version of Helix with this fix anytime soon?
[1] https://github.com/apache/helix/pull/1922
Thanks & Regards,
Grainier Perera.
Re: Patch release for CVE-2021-44228 fix
Posted by Grainier Perera <gr...@apache.org>.
Thanks Junkai for the prompt response. Looking forward for the official
release 🙂.
Thanks,
Grainier Perera.
On Fri, 1 Apr 2022 at 9:17 PM, Junkai Xue <jx...@apache.org> wrote:
> Thanks Grainier for asking. The official release will be started by the end
> of next week. We need to do some testing and verification before officially
> releasing the version.
>
> Best,
>
> Junkai
>
> On Fri, Apr 1, 2022 at 5:41 AM Grainier Perera <gr...@apache.org>
> wrote:
>
> > Hi devs,
> >
> > I see [1] is already addressed CVE-2021-44228 by upgrading the Log4j
> > version to 2.16.0. I'm wondering whether there's a plan to release a
> > patched version of Helix with this fix anytime soon?
> >
> > [1] https://github.com/apache/helix/pull/1922
> >
> > Thanks & Regards,
> > Grainier Perera.
> >
>
--
Grainier Perera.
Re: Patch release for CVE-2021-44228 fix
Posted by Grainier Perera <gr...@apache.org>.
Thanks Junkai for the prompt response. Looking forward for the official
release 🙂.
Thanks,
Grainier Perera.
On Fri, 1 Apr 2022 at 9:17 PM, Junkai Xue <jx...@apache.org> wrote:
> Thanks Grainier for asking. The official release will be started by the end
> of next week. We need to do some testing and verification before officially
> releasing the version.
>
> Best,
>
> Junkai
>
> On Fri, Apr 1, 2022 at 5:41 AM Grainier Perera <gr...@apache.org>
> wrote:
>
> > Hi devs,
> >
> > I see [1] is already addressed CVE-2021-44228 by upgrading the Log4j
> > version to 2.16.0. I'm wondering whether there's a plan to release a
> > patched version of Helix with this fix anytime soon?
> >
> > [1] https://github.com/apache/helix/pull/1922
> >
> > Thanks & Regards,
> > Grainier Perera.
> >
>
--
Grainier Perera.
Re: Patch release for CVE-2021-44228 fix
Posted by Junkai Xue <jx...@apache.org>.
Thanks Grainier for asking. The official release will be started by the end
of next week. We need to do some testing and verification before officially
releasing the version.
Best,
Junkai
On Fri, Apr 1, 2022 at 5:41 AM Grainier Perera <gr...@apache.org> wrote:
> Hi devs,
>
> I see [1] is already addressed CVE-2021-44228 by upgrading the Log4j
> version to 2.16.0. I'm wondering whether there's a plan to release a
> patched version of Helix with this fix anytime soon?
>
> [1] https://github.com/apache/helix/pull/1922
>
> Thanks & Regards,
> Grainier Perera.
>
Re: Patch release for CVE-2021-44228 fix
Posted by Junkai Xue <jx...@apache.org>.
Thanks Grainier for asking. The official release will be started by the end
of next week. We need to do some testing and verification before officially
releasing the version.
Best,
Junkai
On Fri, Apr 1, 2022 at 5:41 AM Grainier Perera <gr...@apache.org> wrote:
> Hi devs,
>
> I see [1] is already addressed CVE-2021-44228 by upgrading the Log4j
> version to 2.16.0. I'm wondering whether there's a plan to release a
> patched version of Helix with this fix anytime soon?
>
> [1] https://github.com/apache/helix/pull/1922
>
> Thanks & Regards,
> Grainier Perera.
>