Uploaded image for project: 'Beam'
  1. Beam
  2. BEAM-13434

Bump up Apache log4j2 to 2.16.0 due to the vulnerability

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • P1
    • Resolution: Fixed
    • 2.34.0
    • 2.35.0
    • sdk-java-core
    • None

    Description

        1. Overview

      2.0 <= Apache log4j2 <= 2.14.1 has vulnerability.

       

      >  In most cases, developers may write error messages caused by user input into the log. Attackers can use this feature to construct special data request packets through this vulnerability, and ultimately trigger remote code execution.

       

      [UPDATED]

      The vulnerability is labeled to `CVE-2021-44228`.

       

        1. References

      Attachments

        Activity

          People

            Unassigned Unassigned
            yuu.ishikawa@gmail.com Yu Ishikawa
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 26.5h
                26.5h