[
https://issues.apache.org/jira/browse/ZOOKEEPER-4452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17482078#comment-17482078
]
Christopher Tubbs commented on ZOOKEEPER-4452:
----------------------------------------------
For current ZK releases under maintenance, it might be a good idea to switch to
https://reload4j.qos.ch/ to replace log4j1.x
For the next release line, ZOOKEEPER-4427 is already addressing migration away
from log4j1.
> Log4j 1.X CVE-2022-23302/5/7 vulnerabilities
> --------------------------------------------
>
> Key: ZOOKEEPER-4452
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4452
> Project: ZooKeeper
> Issue Type: Bug
> Reporter: Dominique Mongelli
> Priority: Major
>
> Some log4j 1.x vulnerabilities have been disclosed recently:
> * CVE-2022-23302: [https://nvd.nist.gov/vuln/detail/CVE-2022-23302]
> * CVE-2022-23305 : [https://nvd.nist.gov/vuln/detail/CVE-2022-23305]
> * CVE-2022-23307 : [https://nvd.nist.gov/vuln/detail/CVE-2022-23307]
> We would like to know if zookeeper is affected by these vulnerabilities ?
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
