If anyone uses tlp-stress tool, it uses Log4j. It might not be in use most of the time, you might want to remove/upgrade the jar.
On Mon, Dec 13, 2021 at 3:58 PM Bowen Song <bo...@bso.ng> wrote: > Do you mean the log4j-over-slf4j-#.jar? If so, please read: > http://slf4j.org/log4shell.html > > On 13/12/2021 23:48, Rahul Reddy wrote: > > Hello, > > > I see this jar log4j-over-slf4j-1.7.7.jar does it have any impact on it? > Why that jar is used for ? > > > > On Sat, Dec 11, 2021 at 12:45 PM Brandon Williams <dri...@gmail.com> > wrote: > >> https://issues.apache.org/jira/browse/CASSANDRA-5883 >> >> As that ticket shows, Apache Cassandra has never used log4j2. >> >> On Sat, Dec 11, 2021 at 11:07 AM Abdul Patel <abd786...@gmail.com> wrote: >> > >> > Hi all, >> > >> > Any idea if any of open source Cassandra versions are impacted with >> log4j vulnerability which was reported on dec 9th >> >
