You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by "wangyuyi (Jira)" <ji...@apache.org> on 2021/07/07 02:50:00 UTC

[jira] [Created] (ZEPPELIN-5452) 建议升级log4j版本

wangyuyi created ZEPPELIN-5452:
----------------------------------

             Summary: 建议升级log4j版本
                 Key: ZEPPELIN-5452
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5452
             Project: Zeppelin
          Issue Type: Improvement
          Components: conf
    Affects Versions: 0.9.0
            Reporter: wangyuyi


<log4j.version>1.2.17</log4j.version>

目前使用log4j为1.2.17版本，此版本存在：反序列化漏洞（CVE201917571） ，建议能升级到版本（目前应该是2.14.1）
h1.  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)