https://github.com/apache/incubator-heron/blob/2d4963a02da582f96cafa19665a207cdbd95ea2e/deploy/kubernetes/helm/values.yaml.template#L101
The values.yaml.template for helm we provided.
Regards J,
*Windham Wong*
OSWE, OSCP, GCIA, Specialist in Cybersecurity
Co-Founder, Managing Partner of
*Stormeye.io, Hong Kong Managed Security Operation Center Limited*
Specialist in Cybersecurity, Log Management and SIEM System
<https://www.stormeye.io>
Email // [email protected]
Phone // +852_3590_2212_|_+852_9832_0707 <tel:+85235902212>
Fax // +852_3590_2202 <tel:+852_3590_2202>
On 11/12/2021 18:00, H W wrote:
"It is CVE-2021-44228 and affects version 2 of log4j between versions
2.0-beta-9 and 2.14.1. It is not present in version 1 of log4j and is
patched in 2.15.0."
It seems our log4j is old enough and is not affected .. Correct me if I am
wrong.
Better to upgrade it to 2.15.0 though.
On Sat, Dec 11, 2021 at 1:52 AM H W<[email protected]> wrote:
The current version in maven_install.json is 1.2. We need >2.15.0 if I
understand correctly
On Sat, Dec 11, 2021 at 1:44 AM Ning Wang<[email protected]> wrote:
Are we using this library in Heron? We need to upgrade it ASAP if we do.
