That is also there in the doc, the last mention:
https://hadoop.apache.org/cve_list.html
Can check the doc, just copying from there:
CVE-2021-4104 Log4Shell Vulnerability
JMSAppender in Log4j 1.2, used by all versions of Apache Hadoop, is vulnerable
to the Log4Shell attack in a similar
Hello Ayush,
Thanks for replying, however the CVE-2021-4104 which is for Log4J 1.x is also
have impact on our application as we are using Hadoop.
Can you please confirm what is the mitigation for this CVE?
Regards,
Deepti Sharma
PMP® & ITIL
From: Ayush Saxena
Sent: Monday, January 10, 2022
Hello
Thanks for joining this event.
The presentation slides (in English) is available at
https://drive.google.com/file/d/1PiZYhzxANqtoyO_nSLt_-v7aP3j17Sbg/view
The recording (in Mandarin) is available at
Hello
Thanks for joining this event.
The presentation slides (in English) is available at
https://drive.google.com/file/d/1PiZYhzxANqtoyO_nSLt_-v7aP3j17Sbg/view
The recording (in Mandarin) is available at
It is written on the website:
https://hadoop.apache.org/
Hadoop, as of today depends on log4j 1.x, which is NOT susceptible to the
attack (CVE-2021-44228).
>
> On 09-Jan-2022, at 8:19 PM, Deepti Sharma S
> wrote:
>
>
> Hello Team,
>
> As we have Log4J vulnerability CVE-2021-44228,
Hello Team,
As we have Log4J vulnerability CVE-2021-44228, CVSS 10.0 (Critical), can you
please confirm, when we have Hadoop version release which has this
vulnerability fix and has Log4J version 2.17?
Regards,
Deepti Sharma
PMP(r) & ITIL