[ https://issues.apache.org/jira/browse/ZOOKEEPER-4452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17482078#comment-17482078 ]
Christopher Tubbs commented on ZOOKEEPER-4452: ---------------------------------------------- For current ZK releases under maintenance, it might be a good idea to switch to https://reload4j.qos.ch/ to replace log4j1.x For the next release line, ZOOKEEPER-4427 is already addressing migration away from log4j1. > Log4j 1.X CVE-2022-23302/5/7 vulnerabilities > -------------------------------------------- > > Key: ZOOKEEPER-4452 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4452 > Project: ZooKeeper > Issue Type: Bug > Reporter: Dominique Mongelli > Priority: Major > > Some log4j 1.x vulnerabilities have been disclosed recently: > * CVE-2022-23302: [https://nvd.nist.gov/vuln/detail/CVE-2022-23302] > * CVE-2022-23305 : [https://nvd.nist.gov/vuln/detail/CVE-2022-23305] > * CVE-2022-23307 : [https://nvd.nist.gov/vuln/detail/CVE-2022-23307] > We would like to know if zookeeper is affected by these vulnerabilities ? -- This message was sent by Atlassian Jira (v8.20.1#820001)