[jira] [Created] (FLINK-25295) Update Log4j to 2.16.0

Martijn Visser (Jira) Tue, 14 Dec 2021 00:06:52 -0800

Martijn Visser created FLINK-25295:
--------------------------------------

             Summary: Update Log4j to 2.16.0
                 Key: FLINK-25295
                 URL: https://issues.apache.org/jira/browse/FLINK-25295
             Project: Flink
          Issue Type: Technical Debt
          Components: API / Core
            Reporter: Martijn Visser
             Fix For: 1.15.0, 1.13.5, 1.14.2



Log4j 2.16.0 has been released 
https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4

This version removes message lookups and disables JNDI by default and results 
in a hardening of the default behaviour and configuration. 

Just to be clear, this dependency upgrade is not required to fix 
CVE-2021-44228. That has already been covered by 
https://issues.apache.org/jira/browse/FLINK-25240



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (FLINK-25295) Update Log4j to 2.16.0

Reply via email to