You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@storm.apache.org by GitBox <gi...@apache.org> on 2021/12/13 08:39:17 UTC

[GitHub] [storm] lukess opened a new pull request #3425: bump log4j 2.15.0

lukess opened a new pull request #3425:
URL: https://github.com/apache/storm/pull/3425


   To bump log4j 2.15.0 for CVE-2021-44228


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] agresch merged pull request #3425: bump log4j 2.16.0

Posted by GitBox <gi...@apache.org>.

agresch merged pull request #3425:
URL: https://github.com/apache/storm/pull/3425


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] lukess commented on pull request #3425: bump log4j 2.15.0

Posted by GitBox <gi...@apache.org>.

lukess commented on pull request #3425:
URL: https://github.com/apache/storm/pull/3425#issuecomment-993308371


   hi @talios thanks, I just verified 1.0.x branch with log4j 2.15.0 + disruptor 3.4.4. The log4j 2.16.0 still WIP.
   https://github.com/apache/storm/pull/3426


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] profes edited a comment on pull request #3425: bump log4j 2.15.0

Posted by GitBox <gi...@apache.org>.

profes edited a comment on pull request #3425:
URL: https://github.com/apache/storm/pull/3425#issuecomment-993670128


   @Ethanlm 
   It would be good to release maintenance versions for 2.3/2.2/1.x branches.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] profes edited a comment on pull request #3425: bump log4j 2.15.0

Posted by GitBox <gi...@apache.org>.

profes edited a comment on pull request #3425:
URL: https://github.com/apache/storm/pull/3425#issuecomment-993670128


   It would be good to release maintenance versions for 2.3/2.2/1.x branches.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] agresch commented on pull request #3425: bump log4j 2.15.0

Posted by GitBox <gi...@apache.org>.

agresch commented on pull request #3425:
URL: https://github.com/apache/storm/pull/3425#issuecomment-993716744


   Can you open a storm JIRA and add it to the commit message and I will merge this.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] avermeer commented on pull request #3425: bump log4j 2.15.0

Posted by GitBox <gi...@apache.org>.

avermeer commented on pull request #3425:
URL: https://github.com/apache/storm/pull/3425#issuecomment-993422036


   Hello,
   
   For whoever who might run still run in production with Apache Storm 1.2.3:
   I just replaced existing log4j JAR files with their 2.16.0 version (not
   event bothering to keep same file names) and restarted everything
   => everything works fine !
   
   (for our own topologies, we were relying on SLF4J API for logging, so we
   had nothing to change there...)
   
   
   Alexandre
   
   Le mar. 14 déc. 2021 à 11:54, Mark Derricutt ***@***.***> a
   écrit :
   
   > @lukess <https://github.com/lukess> We updated up our 1.0.x distro with
   > 2.16 and disrupter 3.4.4 shortly after I made that comment, and it seems to
   > be working fine.
   >
   > Looks like 2.16 just removes all the message lookups and disabled JNDI by
   > default.
   >
   > —
   > You are receiving this because you are subscribed to this thread.
   > Reply to this email directly, view it on GitHub
   > <https://github.com/apache/storm/pull/3425#issuecomment-993418345>, or
   > unsubscribe
   > <https://github.com/notifications/unsubscribe-auth/AEIJEMMFPOUBF42YS3UAQQTUQ4O4PANCNFSM5J5QVLSQ>
   > .
   > Triage notifications on the go with GitHub Mobile for iOS
   > <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
   > or Android
   > <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
   >
   >
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] profes commented on pull request #3425: bump log4j 2.15.0

Posted by GitBox <gi...@apache.org>.

profes commented on pull request #3425:
URL: https://github.com/apache/storm/pull/3425#issuecomment-993670128


   It would be good to release maintenance version for 2.3/2.2/1.x branches.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] talios commented on pull request #3425: bump log4j 2.15.0

Posted by GitBox <gi...@apache.org>.

talios commented on pull request #3425:
URL: https://github.com/apache/storm/pull/3425#issuecomment-993149489


   2.16 was just released as well.   In my local storm install I manually updated to 2.16 but get an error with the lmax Distruper. ( admittedly this is an older 1.x series so that may have been updated ).


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] talios commented on pull request #3425: bump log4j 2.15.0

Posted by GitBox <gi...@apache.org>.

talios commented on pull request #3425:
URL: https://github.com/apache/storm/pull/3425#issuecomment-993418345


   @lukess We updated up our 1.0.x distro with 2.16 and disrupter 3.4.4 shortly after I made that comment, and it seems to be working fine.
   
   Looks like 2.16 just removes all the message lookups and disabled JNDI by default.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] lukess commented on pull request #3425: bump log4j 2.15.0

Posted by GitBox <gi...@apache.org>.

lukess commented on pull request #3425:
URL: https://github.com/apache/storm/pull/3425#issuecomment-993814986


   thanks we have tested 1.16


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org