[jira] [Commented] (MESOS-10234) CVE-2021-44228 Log4j vulnerability for apache mesos

Qian Zhang (Jira) Fri, 26 Aug 2022 02:09:59 -0700


    [ 
https://issues.apache.org/jira/browse/MESOS-10234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17585253#comment-17585253
 ]


Qian Zhang commented on MESOS-10234:
------------------------------------

According to [https://blogs.apache.org/security/entry/cve-2021-44228,] it seems 
ZooKeeper is not affected by 
[CVE-2021-44228|https://www.cve.org/CVERecord?id=CVE-2021-44228].

> CVE-2021-44228 Log4j vulnerability for apache mesos
> ---------------------------------------------------
>
>                 Key: MESOS-10234
>                 URL: https://issues.apache.org/jira/browse/MESOS-10234
>             Project: Mesos
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 1.11.0
>            Reporter: Sangita Nalkar
>            Priority: Critical
>
> Hi,
> Wanted to know if CVE-2021-44228 Log4j vulnerability is affecting Apache 
> mesos.
> We see that log4j v1.2.17 is used while building apache mesos from source.
> Snippet from build logs:
> std=c++11 -MT jvm/org/apache/libjava_la-log4j.lo -MD -MP -MF 
> jvm/org/apache/.deps/libjava_la-log4j.Tpo -c 
> ../../src/jvm/org/apache/log4j.cpp  -fPIC -DPIC -o 
> jvm/org/apache/.libs/libjava_la-log4j.o
> Thanks,
> Sangita



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (MESOS-10234) CVE-2021-44228 Log4j vulnerability for apache mesos

Reply via email to