[KAFKA-13534] Upgrade Log4j to 2.15.0 - CVE-2021-44228 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Duplicate
Affects Version/s: 2.7.0, 2.8.0, 3.0.0
Fix Version/s: None
Component/s: None
Labels:
None

Description

Log4j has an RCE vulnerability, see https://www.lunasec.io/docs/blog/log4j-zero-day/

References.
https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126

Attachments

Issue Links

duplicates

KAFKA-9366 Upgrade log4j to log4j2

In Progress

is duplicated by

KAFKA-13536 Log4J2 Vulnerability zero-day exploit is going on. Will it impact kafka_2.12-2.3.0 version and do we need to upgrade?

Resolved

relates to

KAFKA-9366 Upgrade log4j to log4j2

In Progress

Activity

People

Assignee:: Unassigned

Reporter:: Sai Kiran Vudutala

Votes:: 2 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 10/Dec/21 18:57

Updated:: 04/Feb/22 07:13

Resolved:: 04/Feb/22 07:13