[jira] [Created] (FLINK-23315) Bump log4j to 2.14.1 for version 1.13.2

Guilaume Kermorgant (Jira) Thu, 08 Jul 2021 05:33:06 -0700

Guilaume Kermorgant created FLINK-23315:
-------------------------------------------


             Summary: Bump log4j to 2.14.1 for version 1.13.2
                 Key: FLINK-23315
                 URL: https://issues.apache.org/jira/browse/FLINK-23315
             Project: Flink
          Issue Type: Improvement
            Reporter: Guilaume Kermorgant
             Fix For: 1.13.2


Flink 1.13 is currently [relying on log4j 
2.12.1|[https://github.com/apache/flink/blob/release-1.13/pom.xml#L110],] which 
has a [low severity 
vulnerability|[https://nvd.nist.gov/vuln/detail/CVE-2020-9488]|https://nvd.nist.gov/vuln/detail/CVE-2020-9488].]

This is fixed in Log4j 2.13.1.

Flink 1.14 will be released with Log4j 2.14.1, c.f. 
[FLINK-22407|https://issues.apache.org/jira/browse/FLINK-22407]

It would be nice for us to have it in Flink 1.13.2 as well, if the community 
thinks it's not a bad idea; this could also be a good opportunity for me to 
open a first PR in the Flink repo.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (FLINK-23315) Bump log4j to 2.14.1 for version 1.13.2

Reply via email to