You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@drill.apache.org by GitBox <gi...@apache.org> on 2021/12/15 14:16:47 UTC

[GitHub] [drill] jnturton opened a new pull request #2405: DRILL-8074: Second upgrade of log4j (2.16 now) because of CVE-2021-44228

jnturton opened a new pull request #2405:
URL: https://github.com/apache/drill/pull/2405


   # [DRILL-8074](https://issues.apache.org/jira/browse/DRILL-8074): Second upgrade of log4j (2.16 now) because of CVE-2021-44228.
   
   ## Description
   
   Refer to DRILL-8074, #2403 and CVE 2021-45046.  This PR updates log4j-api and log4j-to-slf4j again, this time to 2.16.  Note that we do not  believe these components are actually vulnerable, this is just overzealous caution.
   
   ## Documentation
   None
   
   ## Testing
   Full set of unit tests
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@drill.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [drill] jnturton merged pull request #2405: DRILL-8074: Second upgrade of log4j (2.16 now) because of CVE-2021-44228

Posted by GitBox <gi...@apache.org>.

jnturton merged pull request #2405:
URL: https://github.com/apache/drill/pull/2405


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@drill.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org