[
https://issues.apache.org/jira/browse/GEODE-9898?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17460238#comment-17460238
]
Geode Integration commented on GEODE-9898:
------------------------------------------
Seen in [acceptance-test-openjdk8
#57|https://concourse.apachegeode-ci.info/teams/main/pipelines/apache-develop-main/jobs/acceptance-test-openjdk8/builds/57]
... see [test
results|http://files.apachegeode-ci.info/builds/apache-develop-main/1.15.0-build.0739/test-results/acceptanceTest/1639519723/]
or download
[artifacts|http://files.apachegeode-ci.info/builds/apache-develop-main/1.15.0-build.0739/test-artifacts/1639519723/acceptancetestfiles-openjdk8-1.15.0-build.0739.tgz].
> bump log4j to 2.16.0
> --------------------
>
> Key: GEODE-9898
> URL: https://issues.apache.org/jira/browse/GEODE-9898
> Project: Geode
> Issue Type: Improvement
> Components: core
> Reporter: Owen Nichols
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.12.7, 1.13.6, 1.14.2, 1.15.0
>
>
> while the current jog4j 2.15.0 is sufficient to prevent CVE-2021-44228,
> 2.16.0 is recommended as it fully disables jndi lookupÂ
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
