You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@storm.apache.org by "Jungtaek Lim (JIRA)" <ji...@apache.org> on 2017/05/24 01:57:04 UTC

[jira] [Commented] (STORM-2528) Bump log4j version to 2.8.2

    [ https://issues.apache.org/jira/browse/STORM-2528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16022201#comment-16022201 ] 

Jungtaek Lim commented on STORM-2528:
-------------------------------------

Maybe better to consider upgrade as higher priority since Storm is using CVE affected version of Log4j.
http://www.cvedetails.com/cve/CVE-2017-5645/

> Bump log4j version to 2.8.2
> ---------------------------
>
>                 Key: STORM-2528
>                 URL: https://issues.apache.org/jira/browse/STORM-2528
>             Project: Apache Storm
>          Issue Type: Improvement
>            Reporter: Balint Molnar
>            Priority: Minor
>
> Log4j version 2.8.2 is generally available so I propose to bump the log4j version, because of several security and speed improvements.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)