You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@storm.apache.org by "Antoine Tran (Jira)" <ji...@apache.org> on 2021/12/14 15:08:00 UTC
[jira] [Created] (STORM-3809) CVE-2021-44228 Log4Shell: upgrade log4j2
Antoine Tran created STORM-3809:
-----------------------------------
Summary: CVE-2021-44228 Log4Shell: upgrade log4j2
Key: STORM-3809
URL: https://issues.apache.org/jira/browse/STORM-3809
Project: Apache Storm
Issue Type: Bug
Components: storm-core
Affects Versions: 2.3.0, 2.2.1
Reporter: Antoine Tran
Recent critical CVE about log4shell ([https://www.cvedetails.com/cve/CVE-2021-44228/)] affects Storm. (Eg: in Storm 2.2.0, it uses log4j-api-2.11.2.jar) Any log4j2 between 2.0 and 2.14 is affected.
I did not found any issue or news related to Apache Storm and a fix. So I create this ticket to track it down.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)