Hi users, I would just add that a dependency check ant target was recently added (by myself) to scan the deps for CVEs. People can execute it themselves with "ant dependency-check" and it will automatically scan the Cassandra libraries we ship against the database of vulnerabilities.

Regards

On Sat, 11 Dec 2021 at 18:44, Brandon Williams <dri...@gmail.com> wrote:
>
> https://issues.apache.org/jira/browse/CASSANDRA-5883
>
> As that ticket shows, Apache Cassandra has never used log4j2.
>
> On Sat, Dec 11, 2021 at 11:07 AM Abdul Patel <abd786...@gmail.com> wrote:
> >
> > Hi all,
> >
> > Any idea if any of open source Cassandra versions are impacted with log4j
> > vulnerability which was reported on Dec 9th
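
An independent way to check a directory of shipped libraries for log4j2, as an added example that is not part of the original messages or the Cassandra build and is separate from the `ant dependency-check` target: it walks the archives, including jars nested inside fat jars, and reports any that contain log4j-core 2.x. The function names (`scan_archive`, `find_log4j_core`, `demo`), the sample file names and the version string are constructed for illustration.

```python
import io
import tempfile
import zipfile
from pathlib import Path

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # ships in log4j-core 2.x
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear", ".zip")


def scan_archive(data, label, hits):
    """Record log4j-core evidence in one archive, then recurse into nested archives."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return  # unreadable or corrupt archive: skip it rather than abort the scan
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if JNDI_LOOKUP in names or POM_PROPS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            version = next((p[8:].strip() for p in props.splitlines() if p.startswith("version=")), None)
            hits.append({"path": label, "version": version, "jndi_lookup": JNDI_LOOKUP in names})
        for name in sorted(names):
            if name.lower().endswith(ARCHIVES):
                scan_archive(zf.read(name), label + "!/" + name, hits)


def find_log4j_core(lib_dir):
    """Return one hit per archive under lib_dir that contains log4j-core 2.x."""
    hits = []
    for path in sorted(Path(lib_dir).rglob("*")):
        if path.is_file() and path.name.lower().endswith(ARCHIVES):
            scan_archive(path.read_bytes(), str(path), hits)
    return hits


def demo():
    """Constructed sample: a lib/ dir holding one clean jar and one fat jar nesting log4j-core."""
    def jar(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name, content in entries.items():
                zf.writestr(name, content)
        return buf.getvalue()
    core = jar({JNDI_LOOKUP: b"", POM_PROPS: b"version=2.14.1\n"})  # constructed version value
    samples = {"clean.jar": jar({"A.class": b""}), "app-all.jar": jar({"lib/log4j-core.jar": core})}
    with tempfile.TemporaryDirectory() as lib:
        for fname, data in samples.items():
            Path(lib, fname).write_bytes(data)
        return [(h["path"][len(lib) + 1:], h["version"], h["jndi_lookup"]) for h in find_log4j_core(lib)]
```

Calling `find_log4j_core` on a real `lib/` directory returns an empty list when no archive in it carries log4j-core 2.x.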