[jira] [Created] (STORM-3809) CVE-2021-44228 Log4Shell: upgrade log4j2

Antoine Tran (Jira) Tue, 14 Dec 2021 07:08:08 -0800

Antoine Tran created STORM-3809:
-----------------------------------

             Summary: CVE-2021-44228 Log4Shell: upgrade log4j2
                 Key: STORM-3809
                 URL: https://issues.apache.org/jira/browse/STORM-3809
             Project: Apache Storm
          Issue Type: Bug
          Components: storm-core
    Affects Versions: 2.3.0, 2.2.1
            Reporter: Antoine Tran



Recent critical CVE about log4shell 
([https://www.cvedetails.com/cve/CVE-2021-44228/)] affects Storm. (Eg: in Storm 
2.2.0, it uses log4j-api-2.11.2.jar) Any log4j2 between 2.0 and 2.14 is 
affected.

 

I did not found any issue or news related to Apache Storm and a fix. So I 
create this ticket to track it down.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (STORM-3809) CVE-2021-44228 Log4Shell: upgrade log4j2

Reply via email to