This is an automated email from the ASF dual-hosted git repository.
caiconghui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-doris.git
The following commit(s) were added to refs/heads/master by this push:
new 68303ea [FE][Bug]Update log4j-web to fix a security issue (#5594)
68303ea is described below
commit 68303ea7f32d8d00064667aee71bccba8e892702
Author: zh0122 <[email protected]>
AuthorDate: Tue Apr 6 10:59:40 2021 +0800
[FE][Bug]Update log4j-web to fix a security issue (#5594)
Fix CVE-2017-5645
In Apache Log4j 2.x before 2.8.2, when using the
TCP socket server or UDP socket server to receive
serialized log events from another application, a
specially crafted binary payload can be sent that,
when deserialized, can execute arbitrary code.
https://www.cvedetails.com/cve/CVE-2017-5645/
---
fe/fe-core/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fe/fe-core/pom.xml b/fe/fe-core/pom.xml
index ac7e6f8..9a91ab2 100644
--- a/fe/fe-core/pom.xml
+++ b/fe/fe-core/pom.xml
@@ -74,7 +74,7 @@ under the License.
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-web</artifactId>
- <version>2.7</version>
+ <version>2.14.0</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
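Review bot: The new `<version>2.14.0</version>` is hard-coded on `log4j-web` alone, while the commit message places the CVE-2017-5645 flaw in the TCP/UDP socket server that deserializes log events, so the fix only holds if whichever Log4j artifact provides that server also resolves to 2.8.2 or later; nothing in this hunk shows that. Please confirm the resolved versions of the other `org.apache.logging.log4j` artifacts (for example with `mvn dependency:tree`) and consider moving the version into a shared property or a `dependencyManagement` entry so all Log4j modules are upgraded together. The jump from 2.7 to 2.14.0 is also well past the 2.8.2 minimum the message cites, so a line in the commit message on why 2.14.0 was chosen and whether the FE logging configuration was retested would help.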