[jira] [Commented] (DRILL-8074) Upgrade log4j because of CVE-2021-44228

makino (Jira) Sun, 19 Dec 2021 12:24:04 -0800


    [ 
https://issues.apache.org/jira/browse/DRILL-8074?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462293#comment-17462293
 ]


makino commented on DRILL-8074:
-------------------------------

There is another vulnerability (CVE-2021-45105) and a new release of Log4j 
(2.17.0)

URL: [https://logging.apache.org/log4j/2.x/index.html]

> Upgrade log4j because of CVE-2021-44228
> ---------------------------------------
>
>                 Key: DRILL-8074
>                 URL: https://issues.apache.org/jira/browse/DRILL-8074
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: library
>    Affects Versions: 1.19.0
>            Reporter: James Turton
>            Assignee: James Turton
>            Priority: Critical
>             Fix For: 1.20.0
>
>
> https://www.lunasec.io/docs/blog/log4j-zero-day/



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (DRILL-8074) Upgrade log4j because of CVE-2021-44228

Reply via email to