[
https://issues.apache.org/jira/browse/MESOS-10234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17584019#comment-17584019
]
Sangita Nalkar commented on MESOS-10234:
----------------------------------------
Hello,
A gentle reminder since we are waiting for your response.
Could you please provide an update if the log4j version shipped with zookeeper
has been updated or would be updated in the coming release?
Thanks and Regards,
Sangita
> CVE-2021-44228 Log4j vulnerability for apache mesos
> ---------------------------------------------------
>
> Key: MESOS-10234
> URL: https://issues.apache.org/jira/browse/MESOS-10234
> Project: Mesos
> Issue Type: Bug
> Components: build
> Affects Versions: 1.11.0
> Reporter: Sangita Nalkar
> Priority: Critical
>
> Hi,
> Wanted to know if CVE-2021-44228 Log4j vulnerability is affecting Apache
> mesos.
> We see that log4j v1.2.17 is used while building apache mesos from source.
> Snippet from build logs:
> std=c++11 -MT jvm/org/apache/libjava_la-log4j.lo -MD -MP -MF
> jvm/org/apache/.deps/libjava_la-log4j.Tpo -c
> ../../src/jvm/org/apache/log4j.cpp -fPIC -DPIC -o
> jvm/org/apache/.libs/libjava_la-log4j.o
> Thanks,
> Sangita
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
