[ 
https://issues.apache.org/jira/browse/MESOS-10234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17584433#comment-17584433
 ] 

Charles Natali commented on MESOS-10234:
----------------------------------------

Hi Sangita,

If this is an issue for you, you can simply use whatever ZooKeeper version you 
want; you do not need to use the shipped one.

We could update ZooKeeper separately; the shipped version is quite old and has 
some known bugs - [~qianzhang] what do you think?

> CVE-2021-44228 Log4j vulnerability for apache mesos
> ---------------------------------------------------
>
>                 Key: MESOS-10234
>                 URL: https://issues.apache.org/jira/browse/MESOS-10234
>             Project: Mesos
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 1.11.0
>            Reporter: Sangita Nalkar
>            Priority: Critical
>
> Hi,
> Wanted to know if the CVE-2021-44228 Log4j vulnerability is affecting Apache 
> Mesos.
> We see that log4j v1.2.17 is used while building Apache Mesos from source.
> Snippet from build logs:
> std=c++11 -MT jvm/org/apache/libjava_la-log4j.lo -MD -MP -MF 
> jvm/org/apache/.deps/libjava_la-log4j.Tpo -c 
> ../../src/jvm/org/apache/log4j.cpp  -fPIC -DPIC -o 
> jvm/org/apache/.libs/libjava_la-log4j.o
> Thanks,
> Sangita



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
