You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@bigtop.apache.org by "Kengo Seki (Jira)" <ji...@apache.org> on 2022/02/15 01:53:00 UTC
[jira] [Created] (BIGTOP-3642) Upgrade log4j to 2.17.1 on all components
Kengo Seki created BIGTOP-3642:
----------------------------------
Summary: Upgrade log4j to 2.17.1 on all components
Key: BIGTOP-3642
URL: https://issues.apache.org/jira/browse/BIGTOP-3642
Project: Bigtop
Issue Type: Improvement
Components: flink, hive, solr
Reporter: Kengo Seki
Assignee: Kengo Seki
At this point of time, all components use log4j 2.16.0+ on branch-3.0 and master so CVE-2021-44228 and CVE-2021-45046 have already been addressed (thanks a lot [~elukey] [~yoda-mon] [~iwasakims]!).
It is better to upgrade them to 2.17.1 before the release for addressing CVE-2021-45105 and CVE-2021-44832.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)