Donatello created CASSANDRA-17434:
-------------------------------------
Summary: CVE-2019-17571 from log4j 1.2.17
Key: CASSANDRA-17434
URL: https://issues.apache.org/jira/browse/CASSANDRA-17434
Project: Cassandra
Issue Type: Improvement
Reporter: Donatello
"cassandra:4.0.3" image scanning reveals critical vulnerability due to
dependency on log4j 1.2.17:
CVE-2019-17571 / CWE-502 Deserialization of Untrusted Data
Could you please share your rationale for not upgrading log4j to 2.x?
Thanks.