[STORM-3810] CVE-2021-44228 Log4J vulnerability - ASF JIRA

Rank to Top

Rank to Bottom

Bulk Copy Attachments

Bulk Move Attachments

Voters

Watch issue

Watchers

Convert to sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Duplicate
Affects Version/s: 1.2.2, 1.2.3, 1.2.4
Fix Version/s: None
Component/s: storm-core
Labels:
None

Flags:

Important

Description

Recent critical CVE about Log4J (https://www.cvedetails.com/cve/CVE-2021-44228/) affects Storm.

Please upgrade to latest Log4j2 >= 2.16.0 (see https://search.maven.org/artifact/org.apache.logging.log4j/log4j/2.16.0/pom) in 1.2.X Storm branch and also in 2.X.X Storm branches.

Thank you!

Attachments

Issue Links

Add Link

Blocked

STORM-3814 storm-core: Remediate log4j critical vulnerabilities -> 2.16.0 or newer, prefer 2.17.1

Closed

Delete this link

duplicates

STORM-3811 Upgrade log4j version to 2.17.1

Resolved

Delete this link

relates to

STORM-3809 CVE-2021-44228 Log4Shell: upgrade log4j2

Closed

Delete this link

STORM-3808 Bump log4j version to 2.16.0 (original ticket was 2.15.0)

Closed

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Unassigned

Reporter:: Dario Bonino

Votes:: 5 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 15/Dec/21 17:04

Updated:: 16/Jan/22 20:43

Resolved:: 16/Jan/22 20:43

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

CVE-2021-44228 Log4J vulnerability

Details

Description

Attachments

Issue Links

Activity

People

Dates

Time Tracking

Agile

Slack

Issue deployment