[FLINK-25240] Update log4j2 version to 2.15.0 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 1.13.0
Fix Version/s: 1.11.5, 1.12.6, 1.14.1, 1.13.4, 1.15.0
Component/s: API / Core
Labels:
- pull-request-available

Description

2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day.

https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html

https://www.lunasec.io/docs/blog/log4j-zero-day/

Attachments

Issue Links

is duplicated by

FLINK-25258 Update log4j2 version to 2.15.0-rc2

Closed

links to

GitHub Pull Request #18077

Activity

People

Assignee:: Luning Wang

Reporter:: Luning Wang

Votes:: 0 Vote for this issue

Watchers:: 14 Start watching this issue

Dates

Created:: 10/Dec/21 06:04

Updated:: 15/Dec/21 10:43

Resolved:: 12/Dec/21 10:49