Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
1.28.0
Description
2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day.
https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html
Attachments
Issue Links
- relates to
-
CALCITE-4937 Upgrade Calcite to Avatica 1.20
- Closed
-
CALCITE-4931 Upgrade SLF4J binding to Log4j2 version 2.15.0
- Closed
- links to