You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@storm.apache.org by GitBox <gi...@apache.org> on 2021/12/17 18:55:02 UTC

[GitHub] [storm] Pac72 opened a new pull request #3427: STORM-3810: bumping log4j.version to 2.16.0 and disruptor.version to 3.4.4 (CVE-2021-44228)

Pac72 opened a new pull request #3427:
URL: https://github.com/apache/storm/pull/3427


   ## Fixing CVE-2021-44228 for 1.x-branch
   Similarly to https://github.com/apache/storm/pull/3426, bumping log4j.version to 2.16.0 and consequently disruptor.version to 3.4.4 on 1.x-branch
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] agresch commented on pull request #3427: STORM-3810: bumping log4j.version to 2.17.0 and disruptor.version to 3.4.4 (CVE-2021-44228, CVE-2021-45046)

Posted by GitBox <gi...@apache.org>.

agresch commented on pull request #3427:
URL: https://github.com/apache/storm/pull/3427#issuecomment-1006010073


   No, my team is currently busy on internal projects.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] aishwaryasoni1991 commented on pull request #3427: STORM-3810: bumping log4j.version to 2.17.0 and disruptor.version to 3.4.4 (CVE-2021-44228, CVE-2021-45046)

Posted by GitBox <gi...@apache.org>.

aishwaryasoni1991 commented on pull request #3427:
URL: https://github.com/apache/storm/pull/3427#issuecomment-1005981917


   @agresch Any idea when will the Storm version with this change be released?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] agresch commented on pull request #3427: STORM-3810: bumping log4j.version to 2.16.0 and disruptor.version to 3.4.4 (CVE-2021-44228)

Posted by GitBox <gi...@apache.org>.

agresch commented on pull request #3427:
URL: https://github.com/apache/storm/pull/3427#issuecomment-998021433


   @Pac72 - can you upgrade to 2.17.0?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] lukess commented on pull request #3427: STORM-3810: bumping log4j.version to 2.16.0 and disruptor.version to 3.4.4 (CVE-2021-44228)

Posted by GitBox <gi...@apache.org>.

lukess commented on pull request #3427:
URL: https://github.com/apache/storm/pull/3427#issuecomment-997023189


   @Pac72 yeah I think this is good. thanks


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] Pac72 commented on pull request #3427: STORM-3810: bumping log4j.version to 2.17.0 and disruptor.version to 3.4.4 (CVE-2021-44228, CVE-2021-45046)

Posted by GitBox <gi...@apache.org>.

Pac72 commented on pull request #3427:
URL: https://github.com/apache/storm/pull/3427#issuecomment-998146281


   @agresch - sure, done (y)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] agresch merged pull request #3427: STORM-3810: bumping log4j.version to 2.17.0 and disruptor.version to 3.4.4 (CVE-2021-44228, CVE-2021-45046)

Posted by GitBox <gi...@apache.org>.

agresch merged pull request #3427:
URL: https://github.com/apache/storm/pull/3427


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org