[FLINK-25375] Update Log4j to 2.17.0 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.11.6, 1.12.7, 1.13.5, 1.14.2
Fix Version/s: 1.12.8, 1.13.6, 1.14.3, 1.15.0
Component/s: None
Labels:
- pull-request-available

Description

Log4j 2.17.0 has been released [1]

This release contains the changes noted below:

Address CVE-2021-45105.
Require components that use JNDI to be enabled individually via system properties.
Remove LDAP and LDAPS as supported protocols from JNDI.

[1] https://github.com/apache/logging-log4j2/blob/6b1581901ba7a107cdc4a2208ecec03655722b44/RELEASE-NOTES.md#apache-log4j-2170-release-notes

Attachments

Issue Links

links to

GitHub Pull Request #18149

GitHub Pull Request #18166

GitHub Pull Request #18167

GitHub Pull Request #18168

Activity

People

Assignee:: Konstantin Knauf

Reporter:: Sergey Nuyanzin

Votes:: 2 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 19/Dec/21 15:35

Updated:: 26/Dec/21 07:45

Resolved:: 26/Dec/21 07:44