Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-26557

log4j2 has a critical RCE vulnerability

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.0.0-alpha-2
    • logging, security
    • None
    • Reviewed
    • Upgrade log4j2 to 2.15.0 for addressing CVE-2021-44228.

    Description

      Impacted log4j version: Apache Log4j 2.x <= 2.14.1
      I found that our current log4j version at master is 2.14.1.
      Should upgrade the version to 2.15.0

      Attachments

        Issue Links

          is a child of

          Task - A task that needs to be done. HBASE-26560 Address recent the log4j2 CVEs

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          links to

          Web Link GitHub Pull Request #95

          Web Link GitHub Pull Request #3933

          Web Link GitHub Pull Request #3941

          Activity

            People

              xytss123 Yutong Xiao
              xytss123 Yutong Xiao
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: