[ https://issues.apache.org/jira/browse/DRILL-8074?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459979#comment-17459979 ]
ASF GitHub Bot commented on DRILL-8074:
---------------------------------------
jnturton opened a new pull request #2405:
URL: https://github.com/apache/drill/pull/2405
# [DRILL-8074](https://issues.apache.org/jira/browse/DRILL-8074): Second upgrade of log4j (2.16 now) because of CVE-2021-44228.
## Description
Refer to DRILL-8074, #2403 and CVE-2021-45046. This PR updates log4j-api
and log4j-to-slf4j again, this time to 2.16. Note that we do not believe
these components are actually vulnerable; this is just overzealous caution.
## Documentation
None
## Testing
Full set of unit tests
> Upgrade log4j because of CVE-2021-44228
> ---------------------------------------
>
> Key: DRILL-8074
> URL: https://issues.apache.org/jira/browse/DRILL-8074
> Project: Apache Drill
> Issue Type: Bug
> Components: library
> Affects Versions: 1.19.0
> Reporter: James Turton
> Assignee: James Turton
> Priority: Critical
> Fix For: 1.20.0
>
>
> https://www.lunasec.io/docs/blog/log4j-zero-day/