Uploaded image for project: 'Bigtop'
  1. Bigtop
  2. BIGTOP-3605 Define Bigtop 3.1 release BOM
  3. BIGTOP-3613

Review log4j configurations for CVE-2021-44228

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.1.0
    • 3.1.0
    • None
    • None

    Description

      Due to CVE-2021-44228, it would be great to avoid shipping 3.1 with the affected log4j versions, or alternatively to apply the workarounds to patch the issue (like -Dlog4j2.formatMsgNoLookups=true etc..)

      More info: https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. BIGTOP-3615 Upgrade log4j2 of Hive 3.1.2 to 2.16.0

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. BIGTOP-3616 Bump Flink to 1.11.6

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. BIGTOP-3618 Bump Solr to 8.11.1

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. BIGTOP-3619 Upgrade hive 2.3.6 to log4j 2.17.0

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. BIGTOP-3621 Bump Oozie's log4j dependencies to 2.17.0

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. BIGTOP-3624 Bump Alluxio's log4j dependencies to 2.17.0

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. BIGTOP-3626 Patch log4j version of ycsb

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. BIGTOP-3632 Bump elasticsearch's log4j dependencies to 2.17.0

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. BIGTOP-3635 Bump logstash's log4j dependencies to 2.17.0

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. BIGTOP-3640 Upgrade hive's log4j2 version to 2.17.1 for Bigtop 3.0.x

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. BIGTOP-3642 Upgrade log4j to 2.17.1 on all components

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. BIGTOP-3646 Upgrade Geode and TableStore SDK version for YCSB

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link Apache projects affected by log4j CVE-2021-44228

          Activity

            People

              elukey Luca Toscano
              elukey Luca Toscano
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 2.5h
                  2.5h