This is an automated email from the ASF dual-hosted git repository. chesnay pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/flink-web.git
commit 6f44cc26d51d44e635939658c6245e47c2a6a60f Author: Chesnay Schepler <[email protected]> AuthorDate: Fri Dec 17 12:48:01 2021 +0100 Clarify release contents --- _posts/2021-12-16-log4j-patch-releases.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_posts/2021-12-16-log4j-patch-releases.md b/_posts/2021-12-16-log4j-patch-releases.md index f895b06..d72230b 100644 --- a/_posts/2021-12-16-log4j-patch-releases.md +++ b/_posts/2021-12-16-log4j-patch-releases.md @@ -11,7 +11,7 @@ authors: The Apache Flink community has released emergency bugfix versions of Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series. -These releases include a version upgrade for Log4j to address [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046). +These releases only include a version upgrade for Log4j to address [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046). We highly recommend all users to upgrade to the respective patch release. @@ -36,6 +36,6 @@ The newly released versions are: * 1.12.7 * 1.11.6 -To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases were _skipped_ because [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046) was discovered during the release publication. Some artifacts were published to Maven Central, but no source/binary releases nor Docker images are available for those versions. +To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were _skipped_ because [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046) was discovered during the release publication. Some artifacts were published to Maven Central, but no source/binary releases nor Docker images are available for those versions. </div>
