[STORM-3810] CVE-2021-44228 Log4J vulnerability - ASF JIRA

XML

Word

Printable

JSON

Recent critical CVE about Log4J (https://www.cvedetails.com/cve/CVE-2021-44228/) affects Storm.

Please upgrade to latest Log4j2 >= 2.16.0 (see https://search.maven.org/artifact/org.apache.logging.log4j/log4j/2.16.0/pom) in 1.2.X Storm branch and also in 2.X.X Storm branches.

Thank you!

Blocked

STORM-3814 storm-core: Remediate log4j critical vulnerabilities -> 2.16.0 or newer, prefer 2.17.1

duplicates

STORM-3811 Upgrade log4j version to 2.17.1

relates to

STORM-3809 CVE-2021-44228 Log4Shell: upgrade log4j2

STORM-3808 Bump log4j version to 2.16.0 (original ticket was 2.15.0)

Estimated:

Not Specified

Remaining:

Logged:

1h 10m