[
https://issues.apache.org/jira/browse/STORM-3810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dario Bonino updated STORM-3810:
--------------------------------
Description:
Recent critical CVE about Log4J
([https://www.cvedetails.com/cve/CVE-2021-44228/)] affects Storm.
Please upgrade to latest Log4j2 >= 2.16.0 (see
[https://search.maven.org/artifact/org.apache.logging.log4j/log4j/2.16.0/pom)]
in 1.2.X Storm branch and also in 2.X.X Storm branches.
Tips: maibe disruptor has to be updated to 3.4.4
Thank you!
was:
Recent critical CVE about Log4J
([https://www.cvedetails.com/cve/CVE-2021-44228/)] affects Storm.
Please upgrade to latest Log4j2 >= 2.16.0 (see
[https://search.maven.org/artifact/org.apache.logging.log4j/log4j/2.16.0/pom)]
in 1.2.X Storm branch and also in 2.X.X Storm branches.
Thank you!
> CVE-2021-44228 Log4J vulnerability
> ----------------------------------
>
> Key: STORM-3810
> URL: https://issues.apache.org/jira/browse/STORM-3810
> Project: Apache Storm
> Issue Type: Bug
> Components: storm-core
> Affects Versions: 1.2.2, 1.2.3, 1.2.4
> Reporter: Dario Bonino
> Priority: Critical
>
> Recent critical CVE about Log4J
> ([https://www.cvedetails.com/cve/CVE-2021-44228/)] affects Storm.
> Please upgrade to latest Log4j2 >= 2.16.0 (see
> [https://search.maven.org/artifact/org.apache.logging.log4j/log4j/2.16.0/pom)]
> in 1.2.X Storm branch and also in 2.X.X Storm branches.
> Tips: maibe disruptor has to be updated to 3.4.4
> Thank you!
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
