[ https://issues.apache.org/jira/browse/ZOOKEEPER-4423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457348#comment-17457348 ]
Sai Kiran Vudutala edited comment on ZOOKEEPER-4423 at 12/10/21, 8:38 PM: -------------------------------------------------------------------------- Hi [~phunt] as per contributor on log4j it's possible for 1.x also to be impacted [https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126] Thanks for clarifying that ZK is not using any jms appender. was (Author: svudutala): Hi [~phunt] as per contributor on log4j it's possible for 1.x also to be impacted [https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126] > Upgrade Log4j to 2.15.0 - CVE-2021-44228 > ---------------------------------------- > > Key: ZOOKEEPER-4423 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4423 > Project: ZooKeeper > Issue Type: Task > Affects Versions: 3.6.0, 3.6.3, 3.7.0, 3.6.1, 3.6.2, 3.6.4 > Reporter: Sai Kiran Vudutala > Priority: Major > > Log4j has an RCE vulnerability, see > [https://www.lunasec.io/docs/blog/log4j-zero-day/] > References. > [https://github.com/advisories/GHSA-jfh8-c2jp-5v3q] > [https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126] > -- This message was sent by Atlassian Jira (v8.20.1#820001)