[jira] [Resolved] (FLINK-23315) Bump log4j to 2.14.1 for version 1.13.2

Konstantin Knauf (Jira) Tue, 01 Feb 2022 06:25:06 -0800


     [ 
https://issues.apache.org/jira/browse/FLINK-23315?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Konstantin Knauf resolved FLINK-23315.
--------------------------------------
    Fix Version/s:     (was: 1.13.6)
       Resolution: Duplicate

This has been superseded by https://issues.apache.org/jira/browse/FLINK-25472.

> Bump log4j to 2.14.1 for version 1.13.2
> ---------------------------------------
>
>                 Key: FLINK-23315
>                 URL: https://issues.apache.org/jira/browse/FLINK-23315
>             Project: Flink
>          Issue Type: Improvement
>            Reporter: Guilaume Kermorgant
>            Priority: Minor
>
> Flink 1.13 is currently [relying on log4j 2.12.1|#L110], which has a [low 
> severity vulnerability|[https://nvd.nist.gov/vuln/detail/CVE-2020-9488]].
> This is fixed in Log4j 2.13.1.
> Flink 1.14 will be released with Log4j 2.14.1, c.f. FLINK-22407
> It would be nice for us to have it in Flink 1.13.2 as well, if the community 
> thinks it's not a bad idea; this could also be a good opportunity for me to 
> open a first PR in the Flink repo.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Resolved] (FLINK-23315) Bump log4j to 2.14.1 for version 1.13.2

Reply via email to