Hi,

I raised a JIRA [1] and PR [2] for this. I can’t see any downsides – only that it fixes critical vulnerabilities. Unless there are any concerns, could we merge this please,
Kind regards,
David.

[1] https://issues.apache.org/jira/browse/FLINK-37810
[2] https://github.com/apache/flink/pull/26570

From: David Radley <david_rad...@uk.ibm.com>
Date: Tuesday, 13 May 2025 at 16:55
To: dev <dev@flink.apache.org>
Subject: [EXTERNAL] Upgrade Flink's log4j to 2.24.3

Hi,

I notice that Flink log4j is at level 2.24.1. There are critical bugs [2] that are fixed if we move to 2.24.3. I am happy to raise a Jira, make the update and backport to v2 and v1.20 (which is currently at an even lower level), if someone is willing to merge,

Kind regards,
David.

[1] https://github.com/apache/flink/blob/9d97eef879f11aedbd83e75bba5050c00a76bf7a/pom.xml#L136C18-L136C25
[2] https://logging.apache.org/log4j/2.x/release-notes.html#release-notes-2-24-3

Unless otherwise stated above: IBM United Kingdom Limited Registered in England and Wales with number 741598 Registered office: Building C, IBM Hursley Office, Hursley Park Road, Winchester, Hampshire SO21 2JN