Alexey Kudinkin created HUDI-3090:
-------------------------------------
Summary: Make sure Hudi doesn't use affected log4j2 version
Key: HUDI-3090
URL: https://issues.apache.org/jira/browse/HUDI-3090
Project: Apache Hudi
Issue Type: Bug
Reporter: Alexey Kudinkin
It's been recently reported that JNDI features of log4j2 versions >= 2-beta9 <=
2.15 are affected by a 0-day vulnerability that might execute arbitrary code iff
an attacker's string gets logged.
More details can be found here:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
We need to make sure that none of these versions is present in Hudi's
direct/transitive deps.
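One way to run the check this issue asks for, as an added example that is not part of the original issue or of Hudi's code: it scans the text output of `mvn dependency:tree` for `log4j-core` coordinates (the artifact that contains the JNDI lookup) whose version falls in the range stated above. The function names and the sample tree are constructed; it assumes "2-beta9" refers to release 2.0-beta9 and that the coordinates carry no classifier.

```python
import re

# Range as stated in the issue: >= 2.0-beta9 and <= 2.15 (any 2.15.x patch).
LOWER = (2, 0, 0, 1, 9)          # 2.0-beta9 as (major, minor, patch, rank, n)
UPPER_MAJOR_MINOR = (2, 15)
QUALIFIER_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # None = final release

VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$")
# groupId:artifactId:type:version[:scope], as printed by `mvn dependency:tree`.
COORD_RE = re.compile(r"org\.apache\.logging\.log4j:log4j-core:[\w.-]+:([^:\s]+)")

# Constructed sample output (hypothetical module names, not Hudi's real tree).
SAMPLE_TREE = """\
[INFO] com.example:demo-module:jar:1.0
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] |  \\- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO] \\- com.example:other-lib:jar:3.1:compile
[INFO]    \\- org.apache.logging.log4j:log4j-core:jar:2.17.0:runtime
"""


def version_key(version):
    """Return a sortable tuple for a log4j version, or None if unparseable."""
    m = VERSION_RE.match(version.lower())
    if not m:
        return None
    major, minor, patch, qual, qual_num = m.groups()
    return (int(major), int(minor), int(patch or 0),
            QUALIFIER_RANK[qual], int(qual_num or 0))


def is_affected(version):
    key = version_key(version)
    if key is None:
        return True  # fail closed: unknown formats need a manual look
    return key >= LOWER and key[:2] <= UPPER_MAJOR_MINOR


def scan_tree(tree_text):
    """Return sorted, de-duplicated log4j-core versions in the affected range."""
    found = {m.group(1) for m in COORD_RE.finditer(tree_text)}
    return sorted(v for v in found if is_affected(v))


if __name__ == "__main__":
    print("affected log4j-core versions:", scan_tree(SAMPLE_TREE))
```

Running `mvn dependency:tree` per module and feeding its output to `scan_tree` covers transitive dependencies as well as direct ones.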