[jira] [Commented] (FLINK-39146) Update log4j to 2.25.3

Cameron (Jira) Tue, 24 Feb 2026 03:42:58 -0800


    [ 
https://issues.apache.org/jira/browse/FLINK-39146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18060686#comment-18060686
 ]


Cameron commented on FLINK-39146:
---------------------------------

The PR for this is already available. It was originally a Hotfix, but I was 
told that CVEs need Jira tickets
https://github.com/apache/flink/pull/27512

> Update log4j to 2.25.3
> ----------------------
>
>                 Key: FLINK-39146
>                 URL: https://issues.apache.org/jira/browse/FLINK-39146
>             Project: Flink
>          Issue Type: Improvement
>            Reporter: Cameron
>            Priority: Major
>
> log4j-core 2.24.3 contains 
> [CVE-2025-68161|https://github.com/advisories/GHSA-vc5p-v9hr-52mj]
> Updating to 2.25.3 resolves the CVE.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (FLINK-39146) Update log4j to 2.25.3

Reply via email to