You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@drill.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2021/12/10 13:23:00 UTC

[jira] [Commented] (DRILL-8074) Upgrade log4j because of CVE-2021-44228

    [ https://issues.apache.org/jira/browse/DRILL-8074?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457144#comment-17457144 ] 

ASF GitHub Bot commented on DRILL-8074:
---------------------------------------

dzamo commented on pull request #2403:
URL: https://github.com/apache/drill/pull/2403#issuecomment-990969583


   Thank you @kingswanwho!  Is it only the format-excel plugin that uses a vulnerable version of log4j?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@drill.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Upgrade log4j because of CVE-2021-44228
> ---------------------------------------
>
>                 Key: DRILL-8074
>                 URL: https://issues.apache.org/jira/browse/DRILL-8074
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: library
>    Affects Versions: 1.19.0
>            Reporter: James Turton
>            Assignee: James Turton
>            Priority: Critical
>             Fix For: 1.20.0
>
>
> https://www.lunasec.io/docs/blog/log4j-zero-day/



--
This message was sent by Atlassian Jira
(v8.20.1#820001)