[ https://issues.apache.org/jira/browse/GEODE-9898?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17460100#comment-17460100 ]
Geode Integration commented on GEODE-9898: ------------------------------------------ Seen on support/1.13 in [upgrade-test-openjdk11 #22|https://concourse.apachegeode-ci.info/teams/main/pipelines/apache-support-1-13-main/jobs/upgrade-test-openjdk11/builds/22] ... see [test results|http://files.apachegeode-ci.info/builds/apache-support-1-13-main/1.13.6-build.0629/test-results/upgradeTest/1639576580/] or download [artifacts|http://files.apachegeode-ci.info/builds/apache-support-1-13-main/1.13.6-build.0629/test-artifacts/1639576580/upgradetestfiles-openjdk11-1.13.6-build.0629.tgz]. > bump log4j to 2.16.0 > -------------------- > > Key: GEODE-9898 > URL: https://issues.apache.org/jira/browse/GEODE-9898 > Project: Geode > Issue Type: Improvement > Components: core > Reporter: Owen Nichols > Priority: Major > Labels: pull-request-available > Fix For: 1.12.7, 1.13.6, 1.14.2, 1.15.0 > > > while the current jog4j 2.15.0 is sufficient to prevent CVE-2021-44228, > 2.16.0 is recommended as it fully disables jndi lookup -- This message was sent by Atlassian Jira (v8.20.1#820001)