Posted to issues@flink.apache.org by "Manoja Mishra (Jira)" <ji...@apache.org> on 2022/01/18 10:33:00 UTC

[jira] [Commented] (FLINK-25472) Update to Log4j 2.17.1

    [ https://issues.apache.org/jira/browse/FLINK-25472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17477746#comment-17477746 ] 

Manoja Mishra commented on FLINK-25472:
---------------------------------------

Hi [~MartijnVisser],

Thanks for working on this issue and providing the resolution. We are looking for the patch release with Log4j 2.17.1. Could you please let me know when the 1.12.8 build will be available to download? We need to upgrade urgently due to a security mandate.

Thanks,

Manoja

> Update to Log4j 2.17.1
> ----------------------
>
>                 Key: FLINK-25472
>                 URL: https://issues.apache.org/jira/browse/FLINK-25472
>             Project: Flink
>          Issue Type: Technical Debt
>          Components: API / Core
>    Affects Versions: 1.15.0, 1.12.8, 1.13.6, 1.14.3
>            Reporter: Martijn Visser
>            Assignee: Martijn Visser
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.15.0, 1.12.8, 1.13.6, 1.14.3
>
>
> We should update from Log4j 2.17.0 to 2.17.1 to address CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)