You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@storm.apache.org by "Jungtaek Lim (JIRA)" <ji...@apache.org> on 2017/05/24 01:57:04 UTC
[jira] [Commented] (STORM-2528) Bump log4j version to 2.8.2
[ https://issues.apache.org/jira/browse/STORM-2528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16022201#comment-16022201 ]
Jungtaek Lim commented on STORM-2528:
-------------------------------------
Maybe better to consider upgrade as higher priority since Storm is using CVE affected version of Log4j.
http://www.cvedetails.com/cve/CVE-2017-5645/
> Bump log4j version to 2.8.2
> ---------------------------
>
> Key: STORM-2528
> URL: https://issues.apache.org/jira/browse/STORM-2528
> Project: Apache Storm
> Issue Type: Improvement
> Reporter: Balint Molnar
> Priority: Minor
>
> Log4j version 2.8.2 is generally available so I propose to bump the log4j version, because of several security and speed improvements.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)