Posted to issues@flink.apache.org by "Martijn Visser (Jira)" <ji...@apache.org> on 2022/01/18 10:56:00 UTC

[jira] [Comment Edited] (FLINK-25472) Update to Log4j 2.17.1

    [ https://issues.apache.org/jira/browse/FLINK-25472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17477747#comment-17477747 ] 

Martijn Visser edited comment on FLINK-25472 at 1/18/22, 10:55 AM:
-------------------------------------------------------------------

[~mkmishra] There's currently no plan for a new Flink 1.12 release. You can always ask for a new Flink 1.12 release on the Dev mailing list, but this Flink version is close to not being supported anymore by the community (since Flink 1.15 will be released in the next couple of months and the community only supports the last -3- 2 versions).


was (Author: martijnvisser):
[~mkmishra] There's currently no plan for a new Flink 1.12 release. You can always ask for a new Flink 1.12 release on the Dev mailing list, but this Flink version is close to not being supported anymore by the community (since Flink 1.15 will be released in the next couple of months and the community only supports the last 3 versions).

> Update to Log4j 2.17.1
> ----------------------
>
>                 Key: FLINK-25472
>                 URL: https://issues.apache.org/jira/browse/FLINK-25472
>             Project: Flink
>          Issue Type: Technical Debt
>          Components: API / Core
>    Affects Versions: 1.15.0, 1.12.8, 1.13.6, 1.14.3
>            Reporter: Martijn Visser
>            Assignee: Martijn Visser
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.15.0, 1.12.8, 1.13.6, 1.14.3
>
>
> We should update from Log4j 2.17.0 to 2.17.1 to address CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)