[jira] [Closed] (STORM-3809) CVE-2021-44228 Log4Shell: upgrade log4j2

Ethan Li (Jira) Sun, 16 Jan 2022 12:43:05 -0800


     [ 
https://issues.apache.org/jira/browse/STORM-3809?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ethan Li closed STORM-3809.
---------------------------

> CVE-2021-44228 Log4Shell: upgrade log4j2
> ----------------------------------------
>
>                 Key: STORM-3809
>                 URL: https://issues.apache.org/jira/browse/STORM-3809
>             Project: Apache Storm
>          Issue Type: Bug
>          Components: storm-core
>    Affects Versions: 2.3.0, 2.2.1
>            Reporter: Antoine Tran
>            Priority: Critical
>
> Recent critical CVE about log4shell 
> ([https://www.cvedetails.com/cve/CVE-2021-44228/)] affects Storm. (Eg: in 
> Storm 2.2.0, it uses log4j-api-2.11.2.jar) Any log4j2 between 2.0 and 2.14 is 
> affected.
>  
> I did not found any issue or news related to Apache Storm and a fix. So I 
> create this ticket to track it down.
> Please upgrade to latest Log4j2 >= 2.16.0 (see 
> [https://search.maven.org/artifact/org.apache.logging.log4j/log4j/2.16.0/pom)]
>  in both 2.2.X and 2.3.X Storm branches. Thank you!
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Closed] (STORM-3809) CVE-2021-44228 Log4Shell: upgrade log4j2

Reply via email to