You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@calcite.apache.org by "Rui Wang (Jira)" <ji...@apache.org> on 2021/12/26 06:09:00 UTC

[jira] [Closed] (CALCITE-4930) Update log4j2 version to 2.15.0

     [ https://issues.apache.org/jira/browse/CALCITE-4930?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rui Wang closed CALCITE-4930.
-----------------------------

> Update log4j2 version to 2.15.0
> -------------------------------
>
>                 Key: CALCITE-4930
>                 URL: https://issues.apache.org/jira/browse/CALCITE-4930
>             Project: Calcite
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.28.0
>            Reporter: Ada Wong
>            Assignee: Ada Wong
>            Priority: Minor
>              Labels: pull-request-available
>             Fix For: 1.29.0
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> 2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day.
> [https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html]
> [https://www.lunasec.io/docs/blog/log4j-zero-day/]
> [CVE-2021-44228|http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)