Due Date for Log4J Upgrade

Yoni Dayan Tue, 15 Mar 2022 09:21:58 -0700

Hello Zookeeper team ,
Can you please update when (on which release) will Zookeeper be upgraded to 
latest Log4J release?
Current version that it uses (1.X) exposes Zookeeper users to the following 
CVE-s:


  *   Critical
     *   CVE-2019-17571<https://nvd.nist.gov/vuln/detail/CVE-2019-17571>
     *   CVE-2022-23305<https://nvd.nist.gov/vuln/detail/CVE-2022-23305>
     *   CVE-2022-23307<https://nvd.nist.gov/vuln/detail/CVE-2022-23307>
  *   High
     *   CVE-2022-23302<https://nvd.nist.gov/vuln/detail/CVE-2022-23302>
     *   CVE-2021-4104<https://nvd.nist.gov/vuln/detail/CVE-2021-4104>
  *   Low
     *   CVE-2020-9488<https://nvd.nist.gov/vuln/detail/CVE-2020-9488>

Regards,
Yoni Dayan
Sr. Manager | SW
+972-74-7129344
NVIDIA<http://www.nvidia.com/>

Due Date for Log4J Upgrade

Reply via email to