Uploaded image for project: 'Bigtop'
  1. Bigtop
  2. BIGTOP-3642

Upgrade log4j to 2.17.1 on all components

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.1.0, 3.0.1
    • flink, hive, solr
    • None

    Description

      At this point of time, all components use log4j 2.16.0+ on branch-3.0 and master so CVE-2021-44228 and CVE-2021-45046 have already been addressed (thanks a lot elukey yoda-mon iwasakims!).
      It is better to upgrade them to 2.17.1 before the release for addressing CVE-2021-45105 and CVE-2021-44832.

      Attachments

        Issue Links

          relates to

          Sub-task - The sub-task of the issue BIGTOP-3613 Review log4j configurations for CVE-2021-44228

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link https://github.com/apache/bigtop/pull/863

          Activity

            People

              sekikn Kengo Seki
              sekikn Kengo Seki
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 10m
                  1h 10m