You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@bigtop.apache.org by "Kengo Seki (Jira)" <ji...@apache.org> on 2022/02/15 01:53:00 UTC

[jira] [Created] (BIGTOP-3642) Upgrade log4j to 2.17.1 on all components

Kengo Seki created BIGTOP-3642:
----------------------------------

             Summary: Upgrade log4j to 2.17.1 on all components
                 Key: BIGTOP-3642
                 URL: https://issues.apache.org/jira/browse/BIGTOP-3642
             Project: Bigtop
          Issue Type: Improvement
          Components: flink, hive, solr
            Reporter: Kengo Seki
            Assignee: Kengo Seki


At this point of time, all components use log4j 2.16.0+ on branch-3.0 and master so CVE-2021-44228 and CVE-2021-45046 have already been addressed (thanks a lot [~elukey] [~yoda-mon] [~iwasakims]!).
It is better to upgrade them to 2.17.1 before the release for addressing CVE-2021-45105 and CVE-2021-44832.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)