[ https://issues.apache.org/jira/browse/HADOOP-17221?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17483367#comment-17483367 ]
Keegan Witt edited comment on HADOOP-17221 at 1/27/22, 6:58 PM: ---------------------------------------------------------------- Short-term, you might look into reaload4j (https://reload4j.qos.ch/) instead. See related discussions in HADOOP-18088, HBASE-26691, and ZOOKEEPER-4455. was (Author: keegan): Short-term, you might look into reaload4j (https://reload4j.qos.ch/) instead. See related discussions in HBASE-26691 and ZOOKEEPER-4455. > update log4j-1.2.17 to atlassian version( To Address: CVE-2019-17571) > --------------------------------------------------------------------- > > Key: HADOOP-17221 > URL: https://issues.apache.org/jira/browse/HADOOP-17221 > Project: Hadoop Common > Issue Type: Bug > Reporter: Brahma Reddy Battula > Assignee: Brahma Reddy Battula > Priority: Major > Attachments: HADOOP-17221-001.patch, image-2020-08-25-07-39-09-201.png > > > Currentlly there are no active release under 1.X in log4j and log4j2 is > incompatiable to upgrade (see HADOOP-16206 ) for more details. > But following CVE is reported on log4j 1.2.17..I think,we should consider to > update to > Atlassian([https://mvnrepository.com/artifact/log4j/log4j/1.2.17-atlassian-0.4]) > or redhat versions > [https://nvd.nist.gov/vuln/detail/CVE-2019-17571] -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org