You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@storm.apache.org by "Ethan Li (Jira)" <ji...@apache.org> on 2022/01/16 20:44:00 UTC

[jira] [Closed] (STORM-3810) CVE-2021-44228 Log4J vulnerability

     [ https://issues.apache.org/jira/browse/STORM-3810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ethan Li closed STORM-3810.
---------------------------
    Resolution: Duplicate

> CVE-2021-44228 Log4J vulnerability
> ----------------------------------
>
>                 Key: STORM-3810
>                 URL: https://issues.apache.org/jira/browse/STORM-3810
>             Project: Apache Storm
>          Issue Type: Bug
>          Components: storm-core
>    Affects Versions: 1.2.2, 1.2.3, 1.2.4
>            Reporter: Dario Bonino
>            Priority: Critical
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Recent critical CVE about Log4J ([https://www.cvedetails.com/cve/CVE-2021-44228/)] affects Storm.
> Please upgrade to latest Log4j2 >= 2.16.0 (see [https://search.maven.org/artifact/org.apache.logging.log4j/log4j/2.16.0/pom)] in 1.2.X Storm branch and also in 2.X.X Storm branches.
> Thank you!



--
This message was sent by Atlassian Jira
(v8.20.1#820001)