Details
-
Umbrella
-
Status: Resolved
-
Major
-
Resolution: Done
-
None
-
None
-
None
Description
Log4j just release version 2.16.0 where jndi is turned off by default. Based on the release announcement it is not required to fix CVE-2021-44228 but recommended.
https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4
Attachments
Issue Links
- is a child of
-
HBASE-26560 Address recent the log4j2 CVEs
-
- Resolved
-
There are no Sub-Tasks for this issue.