[jira] [Created] (FLINK-21670) Bump log4j version to 2.8.2

Adam Roberts (Jira) Mon, 08 Mar 2021 07:41:04 -0800

Adam Roberts created FLINK-21670:
------------------------------------

             Summary: Bump log4j version to 2.8.2
                 Key: FLINK-21670
                 URL: https://issues.apache.org/jira/browse/FLINK-21670
             Project: Flink
          Issue Type: Bug
            Reporter: Adam Roberts



Hey everyone, another Twistlock scan done and, in the same manner as 
https://issues.apache.org/jira/browse/STORM-2528, it appears the Flink Python 
jar's impacted

 

Apparently we're using version 2.6.2 and bumping to 2.8.2 should be sufficient 
to remediate at least this potential problem 
[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5645]

 

I've done this scan against both 1.13 and 1.12.2, so ideally should be fixed in 
both if possible please. Cheers!



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (FLINK-21670) Bump log4j version to 2.8.2

Reply via email to