Hello all,

This discussion is related to a Log4j2 vulnerability. As you may be aware, there has been a critical vulnerability in Log4j2, the Java Logging Library, that could result in Remote Code Execution (RCE) if an affected version of log4j (2.0 <= log4j <= 2.15.0) logs an attacker-controlled string value without proper validation. Please see more details on CVE-2021-44228 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228>.

We currently believe that the Apache CarbonData platform is not impacted. Apache CarbonData does not directly use a version of log4j known to be affected by the vulnerability. We have reviewed the code and run the vulnerability tool; as per the tool report, these three vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) are not identified.

Regards,
Indhumathi M
