David Handermann created NIFI-9505:
--------------------------------------
Summary: Upgrade Log4j 2 to 2.17.0
Key: NIFI-9505
URL: https://issues.apache.org/jira/browse/NIFI-9505
Project: Apache NiFi
Issue Type: Bug
Reporter: David Handermann
Assignee: David Handermann
Log4j 2 version 2.17.0 addresses a potential vulnerability in non-standard
logging configurations using Thread Context Map lookup capabilities, described
in [CVE-2021-45105|https://www.cve.org/CVERecord?id=CVE-2021-45105].
Although NiFi does not use Log4j 2 for runtime logging, upgrading to version
2.17.0 avoids potential references to older versions in external components.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
