Uploaded image for project: 'Apache Storm'
  1. Apache Storm
  2. STORM-3810

CVE-2021-44228 Log4J vulnerability

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Duplicate
    • 1.2.2, 1.2.3, 1.2.4
    • None
    • storm-core
    • None
    • Important

    Description

      Recent critical CVE about Log4J (https://www.cvedetails.com/cve/CVE-2021-44228/) affects Storm.

      Please upgrade to latest Log4j2 >= 2.16.0 (seeĀ https://search.maven.org/artifact/org.apache.logging.log4j/log4j/2.16.0/pom) in 1.2.X Storm branch and also in 2.X.X Storm branches.

      Thank you!

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              dario.bonino Dario Bonino
              Votes:
              5 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 10m
                  1h 10m