https://bz.apache.org/bugzilla/show_bug.cgi?id=65990

Adarsh Shukla <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |critical

--- Comment #1 from Adarsh Shukla <[email protected]> ---
Hi Team,

We have been receiving multiple issues wrt the Log4j vulnerability in the Storm
and ZooKeeper packages.

Specifically, in Storm we found the following packages, which are the result of
the vulnerability scan.

The current version of Storm we are using is Storm 2.3.0.

lib/jetty-servlets-9.4.14.v20181114.jar
lib/kafka-clients-0.11.0.3.jar
lib-tools/sql/core/protobuf-java-3.1.0.jar
lib-tools/sql/runtime/calcite-core-1.14.0.jar
lib-tools/sql/runtime/guava-16.0.1.jar
lib-tools/sql/runtime/guava-16.0.1.jar
lib-webapp/dropwizard-validation-1.3.5.jar
lib-webapp/dropwizard-validation-1.3.5.jar
lib-webapp/hibernate-validator-5.4.2.Final.jar
lib-webapp/hibernate-validator-6.0.17.Final.jar
lib-webapp/hibernate-validator-6.0.17.Final.jar
lib-webapp/jakarta.el-3.0.2.jar


Required versions to resolve vulnerabilities:

jetty-servlets > 9.4.41.v20210516
kafka-clients > 2.1.1
protobuf-java > 3.4.0
calcite-core > 1.26.0
guava > 30.0
dropwizard-validation > 1.3.21
hibernate-validator > 6.0.20
jakarta.el > 3.0.4


And for ZooKeeper as well, we would need the fix to handle the Log4j
vulnerability issue. As of now we see that ZooKeeper is not affected, but we
would like to understand whether there is any plan to upgrade the ZooKeeper
package in the future to minimize the vulnerability issue.

Thanks in advance

Regards,
Adarsh
