Hello Ayush, Thanks for replying, however the CVE-2021-4104 which is for Log4J 1.x is also have impact on our application as we are using Hadoop.
Can you please confirm what is the mitigation for this CVE? Regards, Deepti Sharma PMP® & ITIL From: Ayush Saxena <ayush...@gmail.com> Sent: Monday, January 10, 2022 3:17 AM To: Deepti Sharma S <deepti.s.sha...@ericsson.com.invalid> Cc: user@hadoop.apache.org Subject: Re: Apache Hadoop Fix for CVE-2021-44228, CVSS 10.0 (Critical) It is written on the website: https://hadoop.apache.org/ Hadoop, as of today depends on log4j 1.x, which is NOT susceptible to the attack (CVE-2021-44228). On 09-Jan-2022, at 8:19 PM, Deepti Sharma S <deepti.s.sha...@ericsson.com.invalid<mailto:deepti.s.sha...@ericsson.com.invalid>> wrote: Hello Team, As we have Log4J vulnerability CVE-2021-44228, CVSS 10.0 (Critical), can you please confirm, when we have Hadoop version release which has this vulnerability fix and has Log4J version 2.17? Regards, Deepti Sharma PMP® & ITIL