You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@zookeeper.apache.org by "Enrico Olivelli (Jira)" <ji...@apache.org> on 2022/03/29 07:43:00 UTC

[jira] [Resolved] (ZOOKEEPER-4452) Log4j 1.X CVE-2022-23302/5/7 vulnerabilities

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-4452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Enrico Olivelli resolved ZOOKEEPER-4452.
----------------------------------------
    Fix Version/s: 3.8.0
                   3.7.1
                   3.6.4
       Resolution: Fixed

Resolved for 3.7.x and 3.6.x with ZOOKEEPER-4455

Resolved for 3.8.x with the move to LogBack

> Log4j 1.X CVE-2022-23302/5/7 vulnerabilities
> --------------------------------------------
>
>                 Key: ZOOKEEPER-4452
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4452
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: security
>            Reporter: Dominique Mongelli
>            Priority: Major
>             Fix For: 3.8.0, 3.7.1, 3.6.4
>
>
> Some log4j 1.x vulnerabilities have been disclosed recently:   
>  * CVE-2022-23302: [https://nvd.nist.gov/vuln/detail/CVE-2022-23302]    
>  * CVE-2022-23305 : [https://nvd.nist.gov/vuln/detail/CVE-2022-23305]    
>  * CVE-2022-23307 : [https://nvd.nist.gov/vuln/detail/CVE-2022-23307]
> We would like to know if zookeeper is affected by these vulnerabilities ?



--
This message was sent by Atlassian Jira
(v8.20.1#820001)