Uploaded image for project: 'Flink'
  1. Flink
  2. FLINK-25258

Update log4j2 version to 2.15.0-rc2

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Duplicate
    • 1.11.0, 1.12.0, 1.13.0, 1.14.0
    • None
    • None
    • None

    Description

      2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day.

      https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html

      https://www.lunasec.io/docs/blog/log4j-zero-day/

      Flink has switched to Log4j 2 since 1.11 version.

      Attachments

        Issue Links

          duplicates

          Improvement - An improvement or enhancement to an existing feature or task. FLINK-25240 Update log4j2 version to 2.15.0

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. FLINK-15672 Switch to Log4j 2 by default

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              jingzhang Jing Zhang
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: