[
https://issues.apache.org/jira/browse/FLINK-25472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17477747#comment-17477747
]
Martijn Visser commented on FLINK-25472:
----------------------------------------
[~mkmishra] There's currently no plan for a new Flink 1.12 release. You can
always ask for a new Flink 1.12 release on the Dev mailing list, but this Flink
version is close to not being supported anymore by the community (since Flink
1.15 will be released in the next couple of months and the community only
supports the last 3 versions).
> Update to Log4j 2.17.1
> ----------------------
>
> Key: FLINK-25472
> URL: https://issues.apache.org/jira/browse/FLINK-25472
> Project: Flink
> Issue Type: Technical Debt
> Components: API / Core
> Affects Versions: 1.15.0, 1.12.8, 1.13.6, 1.14.3
> Reporter: Martijn Visser
> Assignee: Martijn Visser
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.15.0, 1.12.8, 1.13.6, 1.14.3
>
>
> We should update from Log4j 2.17.0 to 2.17.1 to address CVE-2021-44832:
> Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls
> configuration.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
