[jira] [Closed] (FLINK-25314) Update log4j2 version to 2.16.0

Jinzhong Li (Jira) Tue, 14 Dec 2021 19:59:04 -0800


     [ 
https://issues.apache.org/jira/browse/FLINK-25314?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jinzhong Li closed FLINK-25314.
-------------------------------
    Resolution: Fixed

> Update log4j2 version to 2.16.0
> -------------------------------
>
>                 Key: FLINK-25314
>                 URL: https://issues.apache.org/jira/browse/FLINK-25314
>             Project: Flink
>          Issue Type: Improvement
>            Reporter: Jinzhong Li
>            Priority: Major
>
> The description of the new vulnerability, [CVE 
> 2021-45046|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046], 
> says the fix to address 
> [CVE-2021-44228|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228]
>  in Apache Log4j 2.15.0 was "incomplete in certain non-default 
> configurations." 
>  
> I think we need update log4j2 version to 2.16.0
>  
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
> [https://www.zdnet.com/article/second-log4j-vulnerability-found-apache-log4j-2-16-0-released/]
> https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.16.0/
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Closed] (FLINK-25314) Update log4j2 version to 2.16.0

Reply via email to