You are viewing a plain text version of this content. The canonical link for it is here.

Posted to gitbox@hive.apache.org by GitBox <gi...@apache.org> on 2021/12/10 14:42:31 UTC

[GitHub] [hive] guptanikhil007 commented on pull request #2863: HIVE-25795: [CVE-2021-44228] Update log4j2 version to 2.15.0

guptanikhil007 commented on pull request #2863:
URL: https://github.com/apache/hive/pull/2863#issuecomment-991029400


   @dengzhhu653 Closed previous pull request because build was stuck in pending to build state. (Somehow throttled)
   
   Adding the conversation here:
   
   bin/hive-config.sh changes
   dengzhhu653:
   maybe we do not need this after updating?
   
   guptanikhil007:
   Similar HBase fix:
   https://github.com/apache/hbase/pull/3933/files
   
   The leader of knownsec 404 team (ZoomEye & SeeBug) 'Heige' have also recommend to set log4j2.formatMsgNoLookups to true
   Ref: https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html
   
   dengzhhu653:
   Got it, thank you!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org