[
https://issues.apache.org/jira/browse/CALCITE-4930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457087#comment-17457087
]
Jing Zhang commented on CALCITE-4930:
-------------------------------------
Thanks for driving the hot-fix in time.
Which version do you plan to upgrade?
Based on [the article|https://mp.weixin.qq.com/s/Yq9k1eBquz3mM1sCinneiA], It is
recommended to update to the Apache Log4j 2.15.0-rc2.
"The Alibaba Cloud security team issued a warning again and found that the
Apache Log4j 2.15.0-rc1 version had a vulnerability bypass. It is recommended
to update to the Apache Log4j 2.15.0-rc2 version in time."
> Update log4j2 version to 2.15.0
> -------------------------------
>
> Key: CALCITE-4930
> URL: https://issues.apache.org/jira/browse/CALCITE-4930
> Project: Calcite
> Issue Type: Bug
> Components: core
> Affects Versions: 1.28.0
> Reporter: Ada Wong
> Priority: Blocker
>
> 2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day.
> [https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html]
> [https://www.lunasec.io/docs/blog/log4j-zero-day/]
> h4.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
