[ https://issues.apache.org/jira/browse/ZOOKEEPER-4423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457350#comment-17457350 ]
Patrick D. Hunt commented on ZOOKEEPER-4423:
--------------------------------------------
Agree that it's not clear if log4j v1 is out of the woods, but so far afaict we
should be OK. That said, please speak up if that's not the case/changes....
> Upgrade Log4j to 2.15.0 - CVE-2021-44228
> ----------------------------------------
>
> Key: ZOOKEEPER-4423
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4423
> Project: ZooKeeper
> Issue Type: Task
> Affects Versions: 3.6.0, 3.6.3, 3.7.0, 3.6.1, 3.6.2, 3.6.4
> Reporter: Sai Kiran Vudutala
> Priority: Major
>
> Log4j has an RCE vulnerability, see
> [https://www.lunasec.io/docs/blog/log4j-zero-day/]
> References.
> [https://github.com/advisories/GHSA-jfh8-c2jp-5v3q]
> [https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126]
>