[jira] [Updated] (ARROW-15058) [Java] Update log4j2 version to 2.15.0 in performance module

Liya Fan (Jira) Fri, 17 Dec 2021 03:47:04 -0800


     [ 
https://issues.apache.org/jira/browse/ARROW-15058?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Liya Fan updated ARROW-15058:
-----------------------------
    Priority: Critical  (was: Major)

> [Java] Update log4j2 version to 2.15.0 in performance module
> ------------------------------------------------------------
>
>                 Key: ARROW-15058
>                 URL: https://issues.apache.org/jira/browse/ARROW-15058
>             Project: Apache Arrow
>          Issue Type: Improvement
>          Components: Java
>    Affects Versions: 6.0.1
>            Reporter: Ada Wong
>            Assignee: Liya Fan
>            Priority: Critical
>              Labels: pull-request-available
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> 2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day.
> [https://logging.apache.org/log4j/2.x/security.html]
> [https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html]
> [https://www.lunasec.io/docs/blog/log4j-zero-day/]
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (ARROW-15058) [Java] Update log4j2 version to 2.15.0 in performance module

Reply via email to