gianm commented on issue #12054: URL: https://github.com/apache/druid/issues/12054#issuecomment-999010060
Hi @krishnat2, this is being discussed on the mailing list at: https://lists.apache.org/thread/06np4mml2gvyrdqkfqdjzs2dlp20n7hj

We will be doing a new release with log4j 2.17, the only question is timing. We aren't doing it on the same emergency basis as the 0.22.1 release. The newly disclosed vulnerabilities are less serious, do not affect Druid in its default configuration, & have straightforward mitigations available: restore the pattern to its original state that does not reference context variables.

But we will definitely do the update in our next regular release (0.23.0), and possibly sooner (0.22.2). If you are interested, keep an eye on that mailing list thread.