This issue is being tracked on ZOOKEEPER-4423. ZK 3.4 does not use log4j 2.x - all versions of zk currently use log4j 1.x.
Regards, Patrick On Mon, Dec 13, 2021 at 4:02 AM Prasanna kumar < prasannakumarram...@gmail.com> wrote: > Could anyone confirm the same on 3.4 versions? > > On Sun, Dec 12, 2021 at 9:58 AM tison <wander4...@gmail.com> wrote: > > > Hi Anchal, > > > > I don't speak on behalf of the PMC but it seems ZK just uses log4j 1.x, > not > > the affected version. > > > > Best, > > tison. > > > > > > Anchal Sharma2 <anchs...@in.ibm.com> 于2021年12月12日周日 12:19写道: > > > > > Hi All, > > > > > > Any one knows impact of Log4J security vulnerability CVE-2021-44228 on > > > zookeeper (version 3.5.8) and mitigation ?I couldn't find any news on > > > zookeeper website . > > > > > > Thanks > > > Anchal Sharma > > > > > > > > >
