You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by "Nagalakshmi Nagaraj (Jira)" <ji...@apache.org> on 2022/01/25 11:32:00 UTC

[jira] [Created] (ZOOKEEPER-4451) vulnerable version of log4j is being used in Zookeeper (1.2.15/12.16)

Nagalakshmi Nagaraj created ZOOKEEPER-4451:
----------------------------------------------

             Summary: vulnerable version of log4j  is being used in Zookeeper (1.2.15/12.16)
                 Key: ZOOKEEPER-4451
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4451
             Project: ZooKeeper
          Issue Type: Bug
            Reporter: Nagalakshmi Nagaraj


Even the latest version of Zookeeper (3.7.0) is still using the vulnerable version of log4j

log4j-1.2.15.jar

log4j-1.2.16.jar

 

We require apache Zookeeper tar with the Fix version of log4j (2.17.1)



--
This message was sent by Atlassian Jira
(v8.20.1#820001)