This issue is being tracked on ZOOKEEPER-4423. ZK 3.4 does not use log4j 2.x - all versions of zk currently use log4j 1.x.
Regards, Patrick On Mon, Dec 13, 2021 at 4:02 AM Prasanna kumar < [email protected]> wrote: > Could anyone confirm the same on 3.4 versions? > > On Sun, Dec 12, 2021 at 9:58 AM tison <[email protected]> wrote: > > > Hi Anchal, > > > > I don't speak on behalf of the PMC but it seems ZK just uses log4j 1.x, > not > > the affected version. > > > > Best, > > tison. > > > > > > Anchal Sharma2 <[email protected]> 于2021年12月12日周日 12:19写道: > > > > > Hi All, > > > > > > Any one knows impact of Log4J security vulnerability CVE-2021-44228 on > > > zookeeper (version 3.5.8) and mitigation ?I couldn't find any news on > > > zookeeper website . > > > > > > Thanks > > > Anchal Sharma > > > > > > > > >
