Hi Puneet,
Flink logs things like the job name which can be specified by the user.
Hence, a user could (as far as I understand) add a job name containing
malicious content. This is where the Flink cluster's log4j version comes
into play. Therefore, it's not enough to provide only an updated log4j
d
Hi,
Context: - I am using flink 1.12.1 version for real time event processing. This
flink uses log4j 2.12.1 version. But jar that i am uploading uses 2.17.0.
Now my assumption is that flink being generic in nature, does not log event
specific data , logging it is responsibility of user specific
