Re: Log4j2 Zero Day vulnerability (CVE-2021-44228)

I have updated the blog post in https://github.com/apache/pulsar/pull/13274/files *If upgrading is not an option, you may also mitigate by adding `-Dlog4j2.formatMsgNoLookups=true` to the `PUSLAR_EXTRA_OPTS` in the `configData` section for proxy, broker, bookkeeper, zookeeper, auto-recovery, and r

Log4j2 Zero Day vulnerability (CVE-2021-44228)

Please see the blog post @ https://pulsar.apache.org/blog/ December 11, 2021 Matteo Merli <> Yesterday, a new serious vulnerability was reported regarding Log4j that can allow remote execution for attackers. The vulnerability issue is described and tracked under CVE-2021-44228