Jinzhong Li created FLINK-25314:
-----------------------------------

             Summary: Update log4j2 version to 2.16.0
                 Key: FLINK-25314
                 URL: https://issues.apache.org/jira/browse/FLINK-25314
             Project: Flink
          Issue Type: Improvement
            Reporter: Jinzhong Li


The description of the new vulnerability, [CVE 2021-45046|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046], says the fix to address [CVE-2021-44228|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228] in Apache Log4j 2.15.0 was "incomplete in certain non-default configurations."

 

I think we need to update the log4j2 version to 2.16.0.

 

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046

[https://www.zdnet.com/article/second-log4j-vulnerability-found-apache-log4j-2-16-0-released/]

https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.16.0/

 

 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
