[ https://issues.apache.org/jira/browse/HBASE-26557?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Duo Zhang resolved HBASE-26557. ------------------------------- Fix Version/s: 3.0.0-alpha-2 Hadoop Flags: Reviewed Release Note: Upgrade log4j2 to 2.15.0 for addressing CVE-2021-44228. Resolution: Fixed Merged to master. Thanks [~xytss123] for the quick action. > log4j2 has a critical RCE vulnerability > --------------------------------------- > > Key: HBASE-26557 > URL: https://issues.apache.org/jira/browse/HBASE-26557 > Project: HBase > Issue Type: Bug > Reporter: Yutong Xiao > Assignee: Yutong Xiao > Priority: Major > Fix For: 3.0.0-alpha-2 > > > Impacted log4j version: Apache Log4j 2.x <= 2.14.1 > I found that our current log4j version at master is 2.14.1. > Should upgrade the version to 2.15.0 -- This message was sent by Atlassian Jira (v8.20.1#820001)