[jira] [Created] (BIGTOP-3613) Review log4j configurations for CVE-2021-44228

Luca Toscano (Jira) Sat, 11 Dec 2021 03:22:15 -0800

Luca Toscano created BIGTOP-3613:
------------------------------------

             Summary: Review log4j configurations for CVE-2021-44228
                 Key: BIGTOP-3613
                 URL: https://issues.apache.org/jira/browse/BIGTOP-3613
             Project: Bigtop
          Issue Type: Sub-task
    Affects Versions: 3.1.0
            Reporter: Luca Toscano



Due to CVE-2021-44228, it would be great to avoid shipping 3.1 with the 
affected log4j versions, or alternatively to apply the workarounds to patch the 
issue (like -Dlog4j2.formatMsgNoLookups=true etc..)

More info: https://github.com/advisories/GHSA-jfh8-c2jp-5v3q



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (BIGTOP-3613) Review log4j configurations for CVE-2021-44228

Reply via email to