The Helm chart got automatically released after merging the PR.
https://pulsar.apache.org/charts/index.yaml shows the new chart version
2.7.6 which contains the fix.
The Helm chart will now add -Dlog4j2.formatMsgNoLookups=true to Java
options. This doesn't apply to Pulsar Functions. For Pulsar Fun
I can confirm that Pulsar is exploitable with CVE-2021-44228 .
I'd like to propose releasing apache/pulsar-helm-chart after the workaround
for CVE-2021-44228, PR https://github.com/apache/pulsar-helm-chart/pull/186
has been merged.
Is it possible to expedite the decision about releasing this? I'm
