[
https://issues.apache.org/jira/browse/FLINK-23315?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yu Li updated FLINK-23315:
--------------------------
Fix Version/s: (was: 1.13.2)
1.13.3
Change fix version to 1.13.3 since we're checking against 1.13.2 RC3 and this
issue is still not assigned. Please feel free to set it back to 1.13.2 if
1.13.2 RC3 is canceled and this issue could be resolved before the next RC.
> Bump log4j to 2.14.1 for version 1.13.2
> ---------------------------------------
>
> Key: FLINK-23315
> URL: https://issues.apache.org/jira/browse/FLINK-23315
> Project: Flink
> Issue Type: Improvement
> Reporter: Guilaume Kermorgant
> Priority: Minor
> Fix For: 1.13.3
>
>
> Flink 1.13 is currently [relying on log4j 2.12.1|#L110], which has a [low
> severity vulnerability|[https://nvd.nist.gov/vuln/detail/CVE-2020-9488]].
> This is fixed in Log4j 2.13.1.
> Flink 1.14 will be released with Log4j 2.14.1, c.f. FLINK-22407
> It would be nice for us to have it in Flink 1.13.2 as well, if the community
> thinks it's not a bad idea; this could also be a good opportunity for me to
> open a first PR in the Flink repo.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
