Flink / FLINK-25314

Update log4j2 version to 2.16.0


Details

    • Improvement
    • Status: Closed
    • Not a Priority
    • Resolution: Duplicate

    Description

      The description of the new vulnerability, CVE-2021-45046, says the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was "incomplete in certain non-default configurations."

      I think we need to update the log4j2 version to 2.16.0.

      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046

      https://www.zdnet.com/article/second-log4j-vulnerability-found-apache-log4j-2-16-0-released/

      https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.16.0/

            People

              Assignee: Unassigned
              Reporter: Jinzhong Li (lijinzhong)