[jira] [Commented] (FLINK-25295) Update Log4j to 2.16.0

Ada Wong (Jira) Tue, 14 Dec 2021 04:07:51 -0800


    [ 
https://issues.apache.org/jira/browse/FLINK-25295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459111#comment-17459111
 ]


Ada Wong commented on FLINK-25295:
----------------------------------

cool !

> Update Log4j to 2.16.0
> ----------------------
>
>                 Key: FLINK-25295
>                 URL: https://issues.apache.org/jira/browse/FLINK-25295
>             Project: Flink
>          Issue Type: Technical Debt
>          Components: API / Core
>            Reporter: Martijn Visser
>            Assignee: Martijn Visser
>            Priority: Minor
>              Labels: pull-request-available
>             Fix For: 1.15.0, 1.13.5, 1.14.2
>
>
> Log4j 2.16.0 has been released 
> https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4
> This version removes message lookups and disables JNDI by default and results 
> in a hardening of the default behaviour and configuration. 
> Just to be clear, this dependency upgrade is not required to fix 
> CVE-2021-44228. That has already been covered by 
> https://issues.apache.org/jira/browse/FLINK-25240



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (FLINK-25295) Update Log4j to 2.16.0

Reply via email to