[ https://issues.apache.org/jira/browse/MESOS-10234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17470538#comment-17470538 ]

Sangita Nalkar commented on MESOS-10234:
----------------------------------------

Hello,

While building Mesos from source, I see that log4j v1.2.17 is being used.

Since you mentioned that example frameworks and tests might be affected due to 
log4j, do you plan to fix or update the log4j version?

Thanks

> CVE-2021-44228 Log4j vulnerability for apache mesos
> ---------------------------------------------------
>
>                 Key: MESOS-10234
>                 URL: https://issues.apache.org/jira/browse/MESOS-10234
>             Project: Mesos
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 1.11.0
>            Reporter: Sangita Nalkar
>            Priority: Critical
>
> Hi,
> Wanted to know if the CVE-2021-44228 Log4j vulnerability is affecting Apache 
> Mesos.
> We see that log4j v1.2.17 is used while building Apache Mesos from source.
> Snippet from build logs:
> std=c++11 -MT jvm/org/apache/libjava_la-log4j.lo -MD -MP -MF 
> jvm/org/apache/.deps/libjava_la-log4j.Tpo -c 
> ../../src/jvm/org/apache/log4j.cpp  -fPIC -DPIC -o 
> jvm/org/apache/.libs/libjava_la-log4j.o
> Thanks,
> Sangita



--
This message was sent by Atlassian Jira
(v8.20.1#820001)