Uploaded image for project: 'Bigtop'
  1. Bigtop
  2. BIGTOP-3605 Define Bigtop 3.1 release BOM
  3. BIGTOP-3613

Review log4j configurations for CVE-2021-44228

Attach filesAttach ScreenshotVotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.1.0
    • 3.1.0
    • None
    • None

    Description

      Due to CVE-2021-44228, it would be great to avoid shipping 3.1 with the affected log4j versions, or alternatively to apply the workarounds to patch the issue (like -Dlog4j2.formatMsgNoLookups=true etc..)

      More info: https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            elukey Luca Toscano
            elukey Luca Toscano
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 2.5h
                2.5h

                Slack

                  Issue deployment