Thank you all for the quick response on the log4j2 vulnerability problem and working overtime on this patch.
On Sat, Dec 11, 2021 at 5:37 PM Jihoon Son <jihoon...@apache.org> wrote: > The Apache Druid team is proud to announce the release of Apache Druid > 0.22.1. > Druid is a high performance analytics data store for event-driven data. > > Apache Druid 0.22.1 is a bug fix release that fixes some security > issues. Major fixes include: > > - Update log4j to 2.15.0 to address CVE-2021-44228 > - JsonConfigurator no longer logs sensitive properties > - Update axios to 0.21.4 to address CVE-2021-3749 > - Update netty4 to 4.1.68 to address CVE-2021-37136 and CVE-2021-37137 > > Source and binary distributions can be downloaded from: > https://druid.apache.org/downloads.html > > Release notes are at: > https://github.com/apache/druid/releases/tag/druid-0.22.1 > > A big thank you to all the contributors in this milestone release! > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org > For additional commands, e-mail: dev-h...@druid.apache.org > >
