https://issues.apache.org/jira/browse/NIFI-9482
Le mer. 15 déc. 2021 à 09:44, Ganesh, B (Nokia - IN/Bangalore) < b.gan...@nokia.com> a écrit : > Hi All , > > According to latest mitigation plan from Log4J - ( > https://logging.apache.org/log4j/2.x/security.html) Java 8 (or later) > users should upgrade to release 2.16.0. > However NIFI community discussion ( > https://www.mail-archive.com/issues@nifi.apache.org/msg126427.html ) > Following NIFI-9283, upgrade Log4j to 2.15.0 wherever possible. > > Can you please clarify further ? > > Thanks & Regards, > Ganesh.B > > -----Original Message----- > From: Joe Witt <joe.w...@gmail.com> > Sent: Tuesday, December 14, 2021 10:16 PM > To: dev@nifi.apache.org > Subject: Re: Log4j Vunrability > > Bcc'ing you Martin > > Yes of course we're very in tuned to what is happening. The convenience > binary we sent doesn't contain log4j impacted libs. But some of the nars > we publish that people can use do. We also do not use log4j directly as we > use slf4j. But we're not certain that every possible avenue of this is > shut down so we're treating this as if we must replace it entirely. To > that end we are releasing Apache NiFi > 1.15.1 and doing so in urgent timeline. There have been issues with the > release process presumably due to Apache being under so much load. > But we're on it. Hopefully vote today/release up/available tomorrow. > TBD > > Thanks > > On Tue, Dec 14, 2021 at 9:40 AM Haris Javaid <haris.jav...@toronto.ca> > wrote: > > > > Hi there, > > I am sure you guys are aware of the recently found log4j > > vulnerability. I am curious to know if its required for us Nifi users > > to take some action. Please let me know > > > > Thanks, > > H >
