
[WIP] fix flink log4j CVE 2019-17571

Open tarzanek opened this issue 5 years ago • 3 comments

This is a first draft.

BUT I'd love to wait a few days (mid May at the latest) till they release flink 1.11.0, which has a fix for https://issues.apache.org/jira/browse/FLINK-15672 and upgrades log4j to 2.

tarzanek, Apr 19 '20 08:04

What is "CVE 2019-17571"? It would be a lot easier if the subject were a little more human readable.

On Sun, Apr 19, 2020, 4:14 AM Lubos Kosco [email protected] wrote:

This is a first draft.

BUT I'd love to wait a few days (mid May at the latest) till they release flink 1.11.0, which has a fix for https://issues.apache.org/jira/browse/FLINK-15672 and upgrades log4j to 2.

You can view, comment on, or merge this pull request online at:

https://github.com/scylladb/scylla-code-samples/pull/126

Commit Summary

  • fix CVE 2019-17571


vladzcloudius, Apr 20 '20 01:04

https://nvd.nist.gov/vuln/detail/CVE-2019-17571

tzach, Apr 20 '20 05:04

https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.32 is out, please update, @tarzanek!

tarzanek, Nov 30 '21 09:11