Guilaume Kermorgant created FLINK-23315:
-------------------------------------------
Summary: Bump log4j to 2.14.1 for version 1.13.2
Key: FLINK-23315
URL: https://issues.apache.org/jira/browse/FLINK-23315
Project: Flink
Issue Type: Improvement
Reporter: Guilaume Kermorgant
Fix For: 1.13.2
Flink 1.13 is currently [relying on log4j
2.12.1|[https://github.com/apache/flink/blob/release-1.13/pom.xml#L110],] which
has a [low severity
vulnerability|[https://nvd.nist.gov/vuln/detail/CVE-2020-9488]|https://nvd.nist.gov/vuln/detail/CVE-2020-9488].]
This is fixed in Log4j 2.13.1.
Flink 1.14 will be released with Log4j 2.14.1, c.f.
[FLINK-22407|https://issues.apache.org/jira/browse/FLINK-22407]
It would be nice for us to have it in Flink 1.13.2 as well, if the community
thinks it's not a bad idea; this could also be a good opportunity for me to
open a first PR in the Flink repo.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
