[
https://issues.apache.org/jira/browse/STORM-2528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16022201#comment-16022201
]
Jungtaek Lim commented on STORM-2528:
-------------------------------------
Maybe better to consider upgrade as higher priority since Storm is using CVE
affected version of Log4j.
http://www.cvedetails.com/cve/CVE-2017-5645/
> Bump log4j version to 2.8.2
> ---------------------------
>
> Key: STORM-2528
> URL: https://issues.apache.org/jira/browse/STORM-2528
> Project: Apache Storm
> Issue Type: Improvement
> Reporter: Balint Molnar
> Priority: Minor
>
> Log4j version 2.8.2 is generally available so I propose to bump the log4j
> version, because of several security and speed improvements.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
