[ https://issues.apache.org/jira/browse/HBASE-26557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17456882#comment-17456882 ]
Anoop Sam John commented on HBASE-26557: ---------------------------------------- Can u link vulnerability details also here for completeness [~xytss123] > log4j2 has a critical RCE vulnerability > --------------------------------------- > > Key: HBASE-26557 > URL: https://issues.apache.org/jira/browse/HBASE-26557 > Project: HBase > Issue Type: Bug > Reporter: Yutong Xiao > Assignee: Yutong Xiao > Priority: Major > > Impacted log4j version: Apache Log4j 2.x <= 2.14.1 > I found that our current log4j version at master is 2.14.1. > Should upgrade the version to 2.15.0 -- This message was sent by Atlassian Jira (v8.20.1#820001)