You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "Enrico Olivelli (Jira)" <ji...@apache.org> on 2022/03/29 07:43:00 UTC
[jira] [Resolved] (ZOOKEEPER-4452) Log4j 1.X CVE-2022-23302/5/7 vulnerabilities
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Enrico Olivelli resolved ZOOKEEPER-4452.
----------------------------------------
Fix Version/s: 3.8.0
3.7.1
3.6.4
Resolution: Fixed
Resolved for 3.7.x and 3.6.x with ZOOKEEPER-4455
Resolved for 3.8.x with the move to LogBack
> Log4j 1.X CVE-2022-23302/5/7 vulnerabilities
> --------------------------------------------
>
> Key: ZOOKEEPER-4452
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4452
> Project: ZooKeeper
> Issue Type: Bug
> Components: security
> Reporter: Dominique Mongelli
> Priority: Major
> Fix For: 3.8.0, 3.7.1, 3.6.4
>
>
> Some log4j 1.x vulnerabilities have been disclosed recently:
> * CVE-2022-23302: [https://nvd.nist.gov/vuln/detail/CVE-2022-23302]
> * CVE-2022-23305 : [https://nvd.nist.gov/vuln/detail/CVE-2022-23305]
> * CVE-2022-23307 : [https://nvd.nist.gov/vuln/detail/CVE-2022-23307]
> We would like to know if zookeeper is affected by these vulnerabilities ?
--
This message was sent by Atlassian Jira
(v8.20.1#820001)