linkedin / kafka-monitor

Xinfra Monitor monitors the availability of Kafka clusters by producing synthetic workloads using end-to-end pipelines to obtain derived vital statistics - E2E latency, service produce/consume availability, offsets commit availability & latency, message loss rate and more.
https://engineering.linkedin.com/blog/2016/05/open-sourcing-kafka-monitor
Apache License 2.0
2.02k stars 443 forks

Bump log4j to 2.17.1 for CVE-2021-44228 & CVE-2021-45046 & CVE-2021-45105 & CVE-2021-44832 #356

Closed zigarn closed 2 years ago

aminenafdou commented 2 years ago

Can we merge this, please?

zigarn commented 2 years ago

Ping @andrewchoi5 @Lincong

SlevinBE commented 2 years ago

Better to upgrade to log4j 2.16, as a new vulnerability was found in 2.15.

zigarn commented 2 years ago

Thanks @SlevinBE! Updated.

But as the project seems to be dead...

Anyone @linkedin to merge this?

wushujames commented 2 years ago

Tagging @andrewchoi5, who seems to have had merge permissions in the past.

zigarn commented 2 years ago

Thanks @efeg!

zigarn commented 2 years ago

@efeg: is a release with this PR planned?

rohit-korrapolu commented 2 years ago

@efeg Please share any update on the release. This is an important release we would like to have. Thanks!

efeg commented 2 years ago

A release including this commit is available here: https://github.com/linkedin/kafka-monitor/releases/tag/2.5.11

wushujames commented 2 years ago

Thank you @efeg!!

rohit-korrapolu commented 2 years ago

Thank you @efeg! Really appreciate the release.