[
https://issues.apache.org/jira/browse/RANGER-3547?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462676#comment-17462676
]
Brahma Reddy Battula commented on RANGER-3547:
----------------------------------------------
{quote}IMO, Ranger will not impact as this uses only logj 1 (1.2.17) and it's
not uses JMS appenders..
{quote}
Looks I missed, RANGER-2834 which introduced the log4j2 from branch-2.1.. So,
CVE applicable from branch-2.1...Hope we can fix in all the effected branches.
> Upgrade to use log4j 2.16.0+ version to ensure that we are using supported
> version of log4j
> -------------------------------------------------------------------------------------------
>
> Key: RANGER-3547
> URL: https://issues.apache.org/jira/browse/RANGER-3547
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 1.2.0, 2.2.0
> Reporter: Selvamohan Neethiraj
> Assignee: Ramesh Mani
> Priority: Blocker
> Fix For: 3.0.0, 2.3.0
>
>
> Upgrade to use log4j 2.16.0+ version to ensure that we are using supported
> version of log4j
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
