[ZOOKEEPER-4423] Upgrade Log4j to 2.15.0 - CVE-2021-44228 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Invalid
Affects Version/s: 3.6.0, 3.6.3, 3.7.0, 3.6.1, 3.6.2, 3.6.4
Fix Version/s: None
Component/s: None
Labels:
None

Description

Log4j has an RCE vulnerability, see https://www.lunasec.io/docs/blog/log4j-zero-day/

References.
https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126

Attachments

Issue Links

is related to

ZOOKEEPER-2342 Migrate to Log4J 2.

Resolved

Activity

People

Assignee:: Chris Nauroth

Reporter:: Sai Kiran Vudutala

Votes:: 5 Vote for this issue

Watchers:: 14 Start watching this issue

Dates

Created:: 10/Dec/21 18:59

Updated:: 08/Jan/22 04:18

Resolved:: 08/Jan/22 04:18