[jira] [Closed] (FLINK-25314) Update log4j2 version to 2.16.0

2021-12-15 Thread Chesnay Schepler (Jira)


[ https://issues.apache.org/jira/browse/FLINK-25314?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chesnay Schepler closed FLINK-25314.

Resolution: Duplicate

> Update log4j2 version to 2.16.0
> ---
>
> Key: FLINK-25314
> URL: https://issues.apache.org/jira/browse/FLINK-25314
> Project: Flink
> Issue Type: Improvement
> Reporter: Jinzhong Li
> Priority: Not a Priority
>
> The description of the new vulnerability,
> [CVE 2021-45046|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046],
> says the fix to address
> [CVE-2021-44228|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228]
> in Apache Log4j 2.15.0 was "incomplete in certain non-default
> configurations."
>
> I think we need to update the log4j2 version to 2.16.0.
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
> [https://www.zdnet.com/article/second-log4j-vulnerability-found-apache-log4j-2-16-0-released/]
> https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.16.0/



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[jira] [Closed] (FLINK-25314) Update log4j2 version to 2.16.0

2021-12-14 Thread Jinzhong Li (Jira)


[ https://issues.apache.org/jira/browse/FLINK-25314?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jinzhong Li closed FLINK-25314.
---
Resolution: Fixed

> Update log4j2 version to 2.16.0
> ---
>
> Key: FLINK-25314
> URL: https://issues.apache.org/jira/browse/FLINK-25314
> Project: Flink
> Issue Type: Improvement
> Reporter: Jinzhong Li
> Priority: Major


