[GEODE-9898] bump log4j to 2.16.0 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.12.7, 1.13.6, 1.14.2, 1.15.0
Component/s: core
Labels:
- pull-request-available

Description

while the current jog4j 2.15.0 is sufficient to prevent CVE-2021-44228, 2.16.0 is recommended as it fully disables jndi lookup

Attachments

Issue Links

links to

GitHub Pull Request #7200

Activity

People

Assignee:: Unassigned

Reporter:: Owen Nichols

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 14/Dec/21 09:46

Updated:: 15/Dec/21 23:52

Resolved:: 14/Dec/21 20:17