[jira] [Closed] (FLINK-25295) Update Log4j to 2.16.0

Chesnay Schepler (Jira) Tue, 14 Dec 2021 14:14:04 -0800


     [ 
https://issues.apache.org/jira/browse/FLINK-25295?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Chesnay Schepler closed FLINK-25295.
------------------------------------
    Fix Version/s: 1.11.6
                   1.12.7
       Resolution: Fixed

master: d5e0d9c68813e05e141516003c1e82b65ec7ccdf
1.14.3: 31112cafda3f62a61bf1e4b26f253595d3fe25dc
1.13.6: 809b059aa69f1f5049135671eb429287dc944268

There will be an additional set of comments exclusively for the 
1.14.2/1.13.5/1.12.7/1.11.6 release tags.

> Update Log4j to 2.16.0
> ----------------------
>
>                 Key: FLINK-25295
>                 URL: https://issues.apache.org/jira/browse/FLINK-25295
>             Project: Flink
>          Issue Type: Technical Debt
>          Components: API / Core
>            Reporter: Martijn Visser
>            Assignee: Martijn Visser
>            Priority: Minor
>              Labels: pull-request-available
>             Fix For: 1.15.0, 1.11.6, 1.12.7, 1.13.5, 1.14.2
>
>
> Log4j 2.16.0 has been released 
> https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4
> This version removes message lookups and disables JNDI by default and results 
> in a hardening of the default behaviour and configuration. 
> Just to be clear, this dependency upgrade is not required to fix 
> CVE-2021-44228. That has already been covered by 
> https://issues.apache.org/jira/browse/FLINK-25240



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Closed] (FLINK-25295) Update Log4j to 2.16.0

Reply via email to