[ 
https://issues.apache.org/jira/browse/FLINK-25472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17477746#comment-17477746
 ] 

Manoja Mishra commented on FLINK-25472:
---------------------------------------

Hi [~MartijnVisser] ,

 

Thanks for working on this issue and providing the resolution. We are looking 
for the patch release with Log4j 2.17.1. Could you please let me know when the 
1.12.8 build will be available to download? We need to upgrade urgently due to 
a security mandate.

Thanks,

Manoja

> Update to Log4j 2.17.1
> ----------------------
>
>                 Key: FLINK-25472
>                 URL: https://issues.apache.org/jira/browse/FLINK-25472
>             Project: Flink
>          Issue Type: Technical Debt
>          Components: API / Core
>    Affects Versions: 1.15.0, 1.12.8, 1.13.6, 1.14.3
>            Reporter: Martijn Visser
>            Assignee: Martijn Visser
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.15.0, 1.12.8, 1.13.6, 1.14.3
>
>
> We should update from Log4j 2.17.0 to 2.17.1 to address CVE-2021-44832: 
> Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls 
> configuration.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
