[ https://issues.apache.org/jira/browse/ZOOKEEPER-4452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Enrico Olivelli resolved ZOOKEEPER-4452. ---------------------------------------- Fix Version/s: 3.8.0 3.7.1 3.6.4 Resolution: Fixed Resolved for 3.7.x and 3.6.x with ZOOKEEPER-4455 Resolved for 3.8.x with the move to LogBack > Log4j 1.X CVE-2022-23302/5/7 vulnerabilities > -------------------------------------------- > > Key: ZOOKEEPER-4452 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4452 > Project: ZooKeeper > Issue Type: Bug > Components: security > Reporter: Dominique Mongelli > Priority: Major > Fix For: 3.8.0, 3.7.1, 3.6.4 > > > Some log4j 1.x vulnerabilities have been disclosed recently: > * CVE-2022-23302: [https://nvd.nist.gov/vuln/detail/CVE-2022-23302] > * CVE-2022-23305 : [https://nvd.nist.gov/vuln/detail/CVE-2022-23305] > * CVE-2022-23307 : [https://nvd.nist.gov/vuln/detail/CVE-2022-23307] > We would like to know if zookeeper is affected by these vulnerabilities ? -- This message was sent by Atlassian Jira (v8.20.1#820001)