You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@calcite.apache.org by "Rui Wang (Jira)" <ji...@apache.org> on 2021/12/26 06:09:00 UTC
[jira] [Closed] (CALCITE-4930) Update log4j2 version to 2.15.0
[ https://issues.apache.org/jira/browse/CALCITE-4930?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rui Wang closed CALCITE-4930.
-----------------------------
> Update log4j2 version to 2.15.0
> -------------------------------
>
> Key: CALCITE-4930
> URL: https://issues.apache.org/jira/browse/CALCITE-4930
> Project: Calcite
> Issue Type: Bug
> Components: core
> Affects Versions: 1.28.0
> Reporter: Ada Wong
> Assignee: Ada Wong
> Priority: Minor
> Labels: pull-request-available
> Fix For: 1.29.0
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> 2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day.
> [https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html]
> [https://www.lunasec.io/docs/blog/log4j-zero-day/]
> [CVE-2021-44228|http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)