Yu Ishikawa created BEAM-13434:
----------------------------------
Summary: Bump up Apache log4j2 vulnerability to log4j-2.15.0-rc1 or later
Key: BEAM-13434
URL: https://issues.apache.org/jira/browse/BEAM-13434
Project: Beam
Issue Type: Improvement
Components: sdk-java-core
Affects Versions: 2.34.0
Reporter: Yu Ishikawa
## Overview
2.0 <= Apache log4j2 <= 2.14.1 has a vulnerability.
> In most cases, developers may write error messages caused by user input into
> the log. Attackers can use this feature to construct special data request
> packets through this vulnerability, and ultimately trigger remote code
> execution.
## References
* https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html
* https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/