, 2021 12:46 PM
To: users@zeppelin.apache.org
Cc: dev
Subject: RE: Log4J Vulnerability
Thanks Markus, that confirms my understanding.
Also, I believe log4j1 is at end-of-life and susceptible to other security
vulnerabilities which is why I’m looking forward to an official statement from
the
: users@zeppelin.apache.org
Cc: dev
Subject: Re: Log4J Vulnerability
*** External email: use caution ***
1.2.17 is from the old 1.0 branch and not affected by CVE-2021-44228. Versions
1.* never had the JNDI lookup code.
It is only log4j 2 that is vulnerable. Fixed in 2.15 and an enhanced fix in
gt;> Is Zeppelin affected by the recently discovered log4j vulnerability?
>>
>>
>>
>> I was not able to find an official announcement. Thanks.
>>
>> --
>> The information contained in this e-mail message is intended only for the
-44228 by virtue of targeting the older End of
life log4j1?
If so, is there a plan to patch? Otherwise, is there an official announcement?
From: Jack Park
Sent: Thursday, December 16, 2021 11:40 AM
To: users@zeppelin.apache.org
Cc: dev
Subject: Re: Log4J Vulnerability
*** External email: use
rote:
> Is Zeppelin affected by the recently discovered log4j vulnerability?
>
>
>
> I was not able to find an official announcement. Thanks.
>
> --
> The information contained in this e-mail message is intended only for the
> personal and confidenti
Is Zeppelin affected by the recently discovered log4j vulnerability?
I was not able to find an official announcement. Thanks.
The information contained in this e-mail message is intended only for the
personal and confidential use of the recipient(s) named above
