[jira] [Updated] (BAHIR-294) Update log4j2 version to 2.15.0

2021-12-26 Thread Jira


 [ 
https://issues.apache.org/jira/browse/BAHIR-294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

João Boto updated BAHIR-294:

Component/s: (was: Build)
 (was: Spark SQL Data Sources)
 (was: Spark Streaming Connectors)
 (was: Spark Structured Streaming Connectors)
 (was: Website)

> Update log4j2 version to 2.15.0
> ---
>
> Key: BAHIR-294
> URL: https://issues.apache.org/jira/browse/BAHIR-294
> Project: Bahir
>  Issue Type: Improvement
>  Components: Flink Streaming Connectors
>Affects Versions: Spark-2.3.0, Flink-1.0
>Reporter: haoqi
>Assignee: João Boto
>Priority: Major
> Fix For: Flink-Next
>
>
> 2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day.
>  
> [https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/]
>  
> [https://www.lunasec.io/docs/blog/log4j-zero-day/|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[jira] [Updated] (BAHIR-294) Update log4j2 version to 2.15.0

2021-12-26 Thread Jira


 [ 
https://issues.apache.org/jira/browse/BAHIR-294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

João Boto updated BAHIR-294:

Affects Version/s: (was: Spark-2.3.0)

> Update log4j2 version to 2.15.0
> ---
>
> Key: BAHIR-294
> URL: https://issues.apache.org/jira/browse/BAHIR-294
> Project: Bahir
>  Issue Type: Improvement
>  Components: Flink Streaming Connectors
>Affects Versions: Flink-1.0
>Reporter: haoqi
>Assignee: João Boto
>Priority: Major
> Fix For: Flink-Next
>
>
> 2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day.
>  
> [https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/]
>  
> [https://www.lunasec.io/docs/blog/log4j-zero-day/|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[jira] [Updated] (BAHIR-294) Update log4j2 version to 2.15.0

2021-12-13 Thread haoqi (Jira)


 [ 
https://issues.apache.org/jira/browse/BAHIR-294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

haoqi updated BAHIR-294:

Priority: Major  (was: Blocker)

> Update log4j2 version to 2.15.0
> ---
>
> Key: BAHIR-294
> URL: https://issues.apache.org/jira/browse/BAHIR-294
> Project: Bahir
>  Issue Type: Improvement
>  Components: Build, Flink Streaming Connectors, Spark SQL Data 
> Sources, Spark Streaming Connectors, Spark Structured Streaming Connectors, 
> Website
>Affects Versions: Spark-2.3.0, Flink-1.0
>Reporter: haoqi
>Priority: Major
> Fix For: Flink-Next, Spark-2.4.0
>
>
> 2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day.
>  
> [https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/]
>  
> [https://www.lunasec.io/docs/blog/log4j-zero-day/|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[jira] [Updated] (BAHIR-294) Update log4j2 version to 2.15.0

2021-12-12 Thread haoqi (Jira)


 [ 
https://issues.apache.org/jira/browse/BAHIR-294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

haoqi updated BAHIR-294:

Description: 
2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day.

 

[https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/]

 

[https://www.lunasec.io/docs/blog/log4j-zero-day/|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/]

  was:
2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero

day.https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/


> Update log4j2 version to 2.15.0
> ---
>
> Key: BAHIR-294
> URL: https://issues.apache.org/jira/browse/BAHIR-294
> Project: Bahir
>  Issue Type: Improvement
>  Components: Build, Flink Streaming Connectors, Spark SQL Data 
> Sources, Spark Streaming Connectors, Spark Structured Streaming Connectors, 
> Website
>Affects Versions: Spark-2.3.0, Flink-1.0
>Reporter: haoqi
>Priority: Blocker
> Fix For: Flink-Next, Spark-2.4.0
>
>
> 2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day.
>  
> [https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/]
>  
> [https://www.lunasec.io/docs/blog/log4j-zero-day/|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)