[jira] [Updated] (BAHIR-294) Update log4j2 version to 2.15.0
[ https://issues.apache.org/jira/browse/BAHIR-294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] João Boto updated BAHIR-294: Component/s: (was: Build) (was: Spark SQL Data Sources) (was: Spark Streaming Connectors) (was: Spark Structured Streaming Connectors) (was: Website) > Update log4j2 version to 2.15.0 > --- > > Key: BAHIR-294 > URL: https://issues.apache.org/jira/browse/BAHIR-294 > Project: Bahir > Issue Type: Improvement > Components: Flink Streaming Connectors >Affects Versions: Spark-2.3.0, Flink-1.0 >Reporter: haoqi >Assignee: João Boto >Priority: Major > Fix For: Flink-Next > > > 2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day. > > [https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/] > > [https://www.lunasec.io/docs/blog/log4j-zero-day/|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/] -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (BAHIR-294) Update log4j2 version to 2.15.0
[ https://issues.apache.org/jira/browse/BAHIR-294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] João Boto updated BAHIR-294: Affects Version/s: (was: Spark-2.3.0) > Update log4j2 version to 2.15.0 > --- > > Key: BAHIR-294 > URL: https://issues.apache.org/jira/browse/BAHIR-294 > Project: Bahir > Issue Type: Improvement > Components: Flink Streaming Connectors >Affects Versions: Flink-1.0 >Reporter: haoqi >Assignee: João Boto >Priority: Major > Fix For: Flink-Next > > > 2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day. > > [https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/] > > [https://www.lunasec.io/docs/blog/log4j-zero-day/|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/] -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (BAHIR-294) Update log4j2 version to 2.15.0
[ https://issues.apache.org/jira/browse/BAHIR-294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] haoqi updated BAHIR-294: Priority: Major (was: Blocker) > Update log4j2 version to 2.15.0 > --- > > Key: BAHIR-294 > URL: https://issues.apache.org/jira/browse/BAHIR-294 > Project: Bahir > Issue Type: Improvement > Components: Build, Flink Streaming Connectors, Spark SQL Data > Sources, Spark Streaming Connectors, Spark Structured Streaming Connectors, > Website >Affects Versions: Spark-2.3.0, Flink-1.0 >Reporter: haoqi >Priority: Major > Fix For: Flink-Next, Spark-2.4.0 > > > 2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day. > > [https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/] > > [https://www.lunasec.io/docs/blog/log4j-zero-day/|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/] -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (BAHIR-294) Update log4j2 version to 2.15.0
[ https://issues.apache.org/jira/browse/BAHIR-294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] haoqi updated BAHIR-294: Description: 2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day. [https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/] [https://www.lunasec.io/docs/blog/log4j-zero-day/|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/] was: 2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day.https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/ > Update log4j2 version to 2.15.0 > --- > > Key: BAHIR-294 > URL: https://issues.apache.org/jira/browse/BAHIR-294 > Project: Bahir > Issue Type: Improvement > Components: Build, Flink Streaming Connectors, Spark SQL Data > Sources, Spark Streaming Connectors, Spark Structured Streaming Connectors, > Website >Affects Versions: Spark-2.3.0, Flink-1.0 >Reporter: haoqi >Priority: Blocker > Fix For: Flink-Next, Spark-2.4.0 > > > 2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day. > > [https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/] > > [https://www.lunasec.io/docs/blog/log4j-zero-day/|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.htmlhttps://www.lunasec.io/docs/blog/log4j-zero-day/] -- This message was sent by Atlassian Jira (v8.20.1#820001)