[jira] [Updated] (CASSANDRA-17434) CVE-2019-17571 from log4j 1.2.17

Brandon Williams (Jira) Mon, 14 Mar 2022 10:17:04 -0700


     [ 
https://issues.apache.org/jira/browse/CASSANDRA-17434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Brandon Williams updated CASSANDRA-17434:
-----------------------------------------
    Resolution: Invalid
        Status: Resolved  (was: Triage Needed)

We haven't used log4j since CASSANDRA-5883.

> CVE-2019-17571 from log4j 1.2.17
> --------------------------------
>
>                 Key: CASSANDRA-17434
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17434
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Donatello
>            Priority: Normal
>
> "cassandra:4.0.3" image scanning reveals critical vulnerability due to 
> dependency on log4j 1.2.17:
> CVE-2019-17571 /      CWE-502 Deserialization of Untrusted Data
> Could you please share your rationale of not upgrading log4j to 2.x
> Thanks.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (CASSANDRA-17434) CVE-2019-17571 from log4j 1.2.17

Reply via email to