[GitHub] [pulsar] lhotari commented on a change in pull request #13465: [Blog] add 2.7.4 release blog

Tue, 28 Dec 2021 04:37:00 -0800 


lhotari commented on a change in pull request #13465:
URL: https://github.com/apache/pulsar/pull/13465#discussion_r775887906



##########
File path: site2/website/blog/2021-12-14-Apache-Pulsar-2-7-4.md
##########
@@ -0,0 +1,150 @@
+---
+author: Technoboy-, Anonymitaet
+title: What’s New in Apache Pulsar 2.7.4
+---
+
+The Apache Pulsar community releases version 2.7.4! 32 contributors provided 
improvements and bug fixes that delivered 98 commits.
+
+Highlights of this release are as below:
+
+- Upgrade Log4j to 2.17.0 - 
[CVE-2021-45105](https://pulsar.apache.org/blog/2021/12/11/Log4j-CVE/). 
[PR-13392](https://github.com/apache/pulsar/pull/13392)
+  
+- `ManagedLedger` can be referenced correctly when `OpAddEntry` is recycled. 
[PR-12103](https://github.com/apache/pulsar/pull/12103)
+
+- NPE does not occur on `OpAddEntry` while ManagedLedger is closing. 
[PR-12364](https://github.com/apache/pulsar/pull/12364)
+
+This blog walks through the most noteworthy changes grouped by the affected 
functionalities. For the complete list including all enhancements and bug 
fixes, check out the [Pulsar 2.7.4 Release 
Notes](https://pulsar.apache.org/en/release-notes/#274).
+
+# Notable bug fixes and enhancements
+
+### Upgrade Log4j to 2.17.0 - 
[CVE-2021-45105](https://pulsar.apache.org/blog/2021/12/11/Log4j-CVE/). 
[PR-13392](https://github.com/apache/pulsar/pull/13392)
+
+- **Issue**
+
+    A serious vulnerability was reported regarding Log4j that can allow remote 
execution for attackers. The vulnerability issue is described and tracked under 
[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228).
+
+- **Resolution**
+  
+  Patch your systems as soon as possible by setting the Java property to 
`-Dlog4j2.formatMsgNoLookups=true` and set the environment variable 
`LOG4J_FORMAT_MSG_NO_LOOKUPS=true`. Details see [Log4j2 Zero Day vulnerability 
(CVE-2021-44228)](https://pulsar.apache.org/blog/2021/12/11/Log4j-CVE/).

Review comment:
       The resolution part is not applicable for 2.7.4




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to