[CASSANDRA-14183] CVE-2017-5929 Security vulnerability and redefine default log rotation policy - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 2.1.21, 2.2.13, 3.0.17, 3.11.3, 4.0, 4.0-alpha1
Component/s: Dependencies
Labels:
- patch
- security

Description

Cassandra 3.11.1 is patched with logback 1.1.3, which contains the security vulnerability described here. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929

Also update to logback allows a simple date and size rotation policy to
replace the default fixed policy, which is broken by design.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

0001-Update-to-logback-1.2.3-and-redefine-default-rotatio.patch
13/Feb/18 19:35
1.65 MB
Michael Shuler

Issue Links

links to

GitHub Pull Request #186

Activity

People

Assignee:

Thiago Veronezi

Reporter:

Thiago Veronezi

Authors:

Thiago Veronezi

Reviewers:

Ariel Weisberg

Votes:

0 Vote for this issue

Watchers:

7 Start watching this issue

Dates

Created:

22/Jan/18 15:40

Updated:

15/May/20 07:59

Resolved:

14/Feb/18 21:36