The Apache Flink community has released emergency bugfix versions of
Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
These releases include a version upgrade for Log4j to address
[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and
[CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046).
We highly recommend all users to upgrade to the respective patch release.
The releases are available for download at:
https://flink.apache.org/downloads.html
Please check out the release blog post for further details:
https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
Regards,
Chesnay