
Upgrade log4j to get rid of CVE-2021-44228

Open cocozianu opened this issue 3 years ago • 3 comments

A cherry pick of https://github.com/prestodb/presto/pull/17098 which was more urgent for the release-0.267 branch

Test plan

mvn dependency:tree

after the change shows we bring in log4j 2.16.0 packages (whereas before we brought in vulnerable packages)

== NO RELEASE NOTE ==

cocozianu (Dec 14 '21 22:12)
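Turning the test plan above into a repeatable check, as an added example that is not part of this PR or the Presto project: a POSIX shell script that scans `mvn dependency:tree` output for log4j artifacts and fails if any is older than a minimum version chosen by the caller. The version threshold and the sample tree text are assumptions, not project output.

```shell
#!/bin/sh
# Added example (not from the PR): scan `mvn dependency:tree` output for
# org.apache.logging.log4j artifacts and fail if any is below a minimum
# version. The threshold is an assumed caller parameter: the PR moved to
# 2.16.0 and a later comment asks for 2.17, so it is not hard-coded here.

# Print "group:artifact:version" for every log4j artifact in the tree text
# read on stdin. dependency:tree lines look like
#   [INFO] |  +- org.apache.logging.log4j:log4j-core:jar:2.16.0:compile
extract_log4j_versions() {
    grep -o 'org\.apache\.logging\.log4j:[^:]*:[^:]*:[^:]*' \
        | awk -F: '{ print $1 ":" $2 ":" $4 }' | sort -u
}

# Return 0 if dotted version $1 >= $2, comparing numeric fields left to right
# (missing fields count as 0, so 2.17 == 2.17.0).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0; yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0 }'
}

# Read tree output on stdin; report each artifact and return 1 if any
# log4j artifact is older than the minimum version in $1.
check_log4j_tree() {
    min="$1"; rc=0
    for entry in $(extract_log4j_versions); do
        ver="${entry##*:}"
        if version_ge "$ver" "$min"; then
            echo "OK      $entry"
        else
            echo "TOO OLD $entry (< $min)"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample of dependency:tree output (not real Presto output).
SAMPLE_TREE='[INFO] com.example:app:jar:1.0
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.16.0:compile
[INFO] |  \- org.apache.logging.log4j:log4j-core:jar:2.16.0:compile
[INFO] \- org.apache.logging.log4j:log4j-1.2-api:jar:2.11.0:compile'

# Demo on the sample; for a real build use: mvn dependency:tree | check_log4j_tree 2.17.0
printf '%s\n' "$SAMPLE_TREE" | check_log4j_tree 2.17.0 || echo "result: outdated log4j still in tree"
```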

Shall we upgrade to log4j 2.17? It seems 2.16 is also vulnerable.

zhenxiao (Dec 28 '21 03:12)

Saw this PR https://github.com/prestodb/presto/pull/17155 but it seems it's inactive. cc @tdcmeehan

yingsu00 (Jan 24 '22 08:01)

This pull request has been automatically marked as stale because it has not had recent activity. If you'd still like this PR merged, please comment on the task, make sure you've addressed reviewer comments, and rebase on the latest master. Thank you for your contributions!

stale[bot] (Sep 21 '22 11:09)