[ARROW-15058] [Java] Remove log4j2 dependency in performance module - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 6.0.1
Fix Version/s: 6.0.1, 7.0.0
Component/s: Java
Labels:
- pull-request-available

External issue URL:
https://github.com/apache/arrow/issues/30573

Description

2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day.

https://logging.apache.org/log4j/2.x/security.html

https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html

https://www.lunasec.io/docs/blog/log4j-zero-day/

Attachments

Issue Links

links to

GitHub Pull Request #11986

Activity

People

Assignee:: Liya Fan

Reporter:: Luning Wang

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 10/Dec/21 14:58

Updated:: 11/Jan/23 08:44

Resolved:: 22/Dec/21 02:51

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

1.5h