You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2021/12/18 20:39:00 UTC

[jira] [Created] (NIFI-9505) Upgrade Log4j 2 to 2.17.0

David Handermann created NIFI-9505:
--------------------------------------

             Summary: Upgrade Log4j 2 to 2.17.0
                 Key: NIFI-9505
                 URL: https://issues.apache.org/jira/browse/NIFI-9505
             Project: Apache NiFi
          Issue Type: Bug
            Reporter: David Handermann
            Assignee: David Handermann


Log4j 2 version 2.17.0 addresses a potential vulnerability in non-standard logging configurations using Thread Context Map lookup capabilities, described in [CVE-2021-45105|https://www.cve.org/CVERecord?id=CVE-2021-45105].

Although NiFi does not use Log4j 2 for runtime logging, upgrading to version 2.17.0 avoids potential references to older versions in external components.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)