[HIVE-25804] Update log4j2 version to 2.16.0 to incorporate further CVE-2021-44228 hardening - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.0-alpha-1
Component/s: Logging
Labels:
- pull-request-available

Description

https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4

https://logging.apache.org/log4j/2.x/changes-report.html#a2.16.0

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-25804.patch
15/Dec/21 09:05
1 kB
Csaba Juhász

Issue Links

is depended upon by

HIVE-25825 upgrade log4j 2.16.0 to 2.17.0+ due to CVE-2021-45105

Closed

is duplicated by

HIVE-25810 upgrade to log4j 2.16.0 - another CVE: CVE-2021-45046

Resolved

links to

GitHub Pull Request #2874

Activity

People

Assignee:: Csaba Juhász

Reporter:: Csaba Juhász

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 14/Dec/21 08:28

Updated:: 17/Nov/22 08:48

Resolved:: 15/Dec/21 09:13

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

0.5h