[ https://issues.apache.org/jira/browse/CASSANDRA-14183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16364525#comment-16364525 ]
Jason Brown commented on CASSANDRA-14183:
-----------------------------------------

I'm +1 on the NEWS.txt changes.

> CVE-2017-5929 Security vulnerability and redefine default log rotation policy
> -----------------------------------------------------------------------------
>
> Key: CASSANDRA-14183
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14183
> Project: Cassandra
> Issue Type: Improvement
> Components: Libraries
> Reporter: Thiago Veronezi
> Assignee: Thiago Veronezi
> Priority: Major
> Labels: patch, security
> Fix For: 3.11.x
>
> Attachments: 0001-Update-to-logback-1.2.3-and-redefine-default-rotatio.patch
>
>
> Cassandra 3.11.1 is patched with logback 1.1.3, which contains the security
> vulnerability described here:
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929]
> Also, the update to logback allows a simple date and size rotation policy to
> replace the default fixed policy, which is broken by design.