Thanks for confirming. Just one thing. I just downloaded ignite 2.11.1 and
2.12.x and I can still see log4j.1.2.17 in it.
Is it removed in 2.13 onwards?
On Fri, 20 May 2022, 20:27 Stephen Darlington, <
stephen.darling...@gridgain.com> wrote:
> Ignite-log4j is the code that links Ignite to
Ignite-log4j is the code that links Ignite to log4j. It does not contain a copy
of log4j.
Log4j is version 1.x of log4j, which wasn’t vulnerable. IIRC, log4j 1.x has
subsequently been removed from Ignite.
> On 20 May 2022, at 15:03, Surinder Mehra wrote:
>
> Hi, as per page below, log4j CVE
Hi, as per page below, log4j CVE is already fixed in ignite 2.11.1
https://blogs.apache.org/ignite/entry/apache-ignite-2-11-1
Affected log4j versions were 2.0-2.14. I can see ignite 2.11.1 contains two
log4j jar files below. Can you please confirm these log4j versions are not
affected by CVE
