[jira] [Commented] (FLINK-25240) Update log4j2 version to 2.15.0

Martijn Visser (Jira) Fri, 10 Dec 2021 04:17:04 -0800


    [ 
https://issues.apache.org/jira/browse/FLINK-25240?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457105#comment-17457105
 ]


Martijn Visser commented on FLINK-25240:
----------------------------------------

[~tartarus] 2.15.0-rc2 is a release candidate for 2.15.0, which means that 
2.15.0 contains all patches of 2.15.0-rc2 and is a stable release, while rc2 is 
a release candidate. 

> Update log4j2 version to 2.15.0 
> --------------------------------
>
>                 Key: FLINK-25240
>                 URL: https://issues.apache.org/jira/browse/FLINK-25240
>             Project: Flink
>          Issue Type: Improvement
>          Components: API / Core
>    Affects Versions: 1.13.0
>            Reporter: Ada Wong
>            Assignee: Ada Wong
>            Priority: Blocker
>              Labels: pull-request-available
>             Fix For: 1.15.0, 1.14.1, 1.13.4
>
>
> 2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day.
> [https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html]
> https://www.lunasec.io/docs/blog/log4j-zero-day/



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (FLINK-25240) Update log4j2 version to 2.15.0

Reply via email to