[jira] [Commented] (CASSANDRA-17434) CVE-2019-17571 from log4j 1.2.17

Donatello (Jira) Mon, 14 Mar 2022 10:31:06 -0700


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-17434?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17506378#comment-17506378
 ]


Donatello commented on CASSANDRA-17434:
---------------------------------------

Sorry you can close.
This was due to some additional tools, not related to cassandra, added into the 
base image.

> CVE-2019-17571 from log4j 1.2.17
> --------------------------------
>
>                 Key: CASSANDRA-17434
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17434
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Donatello
>            Priority: Normal
>
> "cassandra:4.0.3" image scanning reveals critical vulnerability due to 
> dependency on log4j 1.2.17:
> CVE-2019-17571 /      CWE-502 Deserialization of Untrusted Data
> Could you please share your rationale of not upgrading log4j to 2.x
> Thanks.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (CASSANDRA-17434) CVE-2019-17571 from log4j 1.2.17

Reply via email to