Michael Smith has posted comments on this change. ( http://gerrit.cloudera.org:8080/24301 )
Change subject: IMPALA-14989: Upgrade log4j-core to 2.25.3 due to CVE-2025-68161 ...................................................................... Patch Set 5: (1 comment) > Patch Set 5: Verified-1 > > Build failed: https://jenkins.impala.io/job/gerrit-verify-dryrun/13520/ I don't see these problems locally, so may be transient infrastructures issues and just need a re-run. http://gerrit.cloudera.org:8080/#/c/24301/5//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/24301/5//COMMIT_MSG@7 PS5, Line 7: IMPALA-14989: Upgrade log4j-core to 2.25.3 due to CVE-2025-68161 We should probably move to 2.25.4 at this point. https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.24.3 shows several direct vulnerabilities. -- To view, visit http://gerrit.cloudera.org:8080/24301 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Icdf7357dbf7edbb60cb3374094f210cbfeea2744 Gerrit-Change-Number: 24301 Gerrit-PatchSet: 5 Gerrit-Owner: Pranav Lodha <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Michael Smith <[email protected]> Gerrit-Reviewer: Pranav Lodha <[email protected]> Gerrit-Reviewer: Quanlong Huang <[email protected]> Gerrit-Comment-Date: Tue, 19 May 2026 22:20:05 +0000 Gerrit-HasComments: Yes
