Posted to bugs@httpd.apache.org by bu...@apache.org on 2022/04/01 07:20:39 UTC
[Bug 65990] New: Zookeeper and Storm Log4j Vulnerability issue
https://bz.apache.org/bugzilla/show_bug.cgi?id=65990
Bug ID: 65990
Summary: Zookeeper and Storm Log4j Vulnerability issue
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: support
Assignee: bugs@httpd.apache.org
Reporter: adarsh.shukla1@wipro.com
Target Milestone: ---
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 65990] Zookeeper and Storm Log4j Vulnerability issue
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65990
Adarsh Shukla <ad...@wipro.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |critical
--- Comment #1 from Adarsh Shukla <ad...@wipro.com> ---
Hi Team,
We have been receiving multiple issues wrt the Log4j vulnerability in the Storm and
Zookeeper packages.
Specifically, in Storm we found the following packages, which are the result of the
vulnerability scan.
The current version of Storm we are using is Storm 2.3.0.
lib/jetty-servlets-9.4.14.v20181114.jar
lib/kafka-clients-0.11.0.3.jar
lib-tools/sql/core/protobuf-java-3.1.0.jar
lib-tools/sql/runtime/calcite-core-1.14.0.jar
lib-tools/sql/runtime/guava-16.0.1.jar
lib-tools/sql/runtime/guava-16.0.1.jar
lib-webapp/dropwizard-validation-1.3.5.jar
lib-webapp/dropwizard-validation-1.3.5.jar
lib-webapp/hibernate-validator-5.4.2.Final.jar
lib-webapp/hibernate-validator-6.0.17.Final.jar
lib-webapp/hibernate-validator-6.0.17.Final.jar
lib-webapp/jakarta.el-3.0.2.jar
Required versions to resolve vulnerabilities:
jetty-servlets > 9.4.41.v20210516
kafka-clients > 2.1.1
protobuf-java > 3.4.0
calcite-core > 1.26.0
guava > 30.0
dropwizard-validation > 1.3.21
hibernate-validator > 6.0.20
jakarta-el > 3.0.4
And for Zookeeper as well, we would need the fix to handle the Log4j vulnerability
issue. As of now we see that Zookeeper is not affected, but we would like to
understand if there is any plan to upgrade the Zookeeper package in future
which minimizes the vulnerability issue?
Thanks in advance
Regards,
Adarsh
[Bug 65990] Zookeeper and Storm Log4j Vulnerability issue
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65990
Ruediger Pluem <rp...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|NEW |RESOLVED
--- Comment #2 from Ruediger Pluem <rp...@apache.org> ---
Please open an issue against Apache Zookeeper and / or Apache Storm here:
https://issues.apache.org/jira/secure/Dashboard.jspa