[ https://issues.apache.org/jira/browse/ARROW-15058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462214#comment-17462214 ]

Ada Wong commented on ARROW-15058:
----------------------------------

Now we could bump to 2.17.0

https://logging.apache.org/log4j/2.x/security.html

> [Java] Update log4j2 version to 2.15.0 in performance module
> ------------------------------------------------------------
>
>                 Key: ARROW-15058
>                 URL: https://issues.apache.org/jira/browse/ARROW-15058
>             Project: Apache Arrow
>          Issue Type: Improvement
>          Components: Java
>    Affects Versions: 6.0.1
>            Reporter: Ada Wong
>            Assignee: Liya Fan
>            Priority: Critical
>              Labels: pull-request-available
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> 2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day.
> [https://logging.apache.org/log4j/2.x/security.html]
> [https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html]
> [https://www.lunasec.io/docs/blog/log4j-zero-day/]
>

--
This message was sent by Atlassian Jira
(v8.20.1#820001)