Bump log4j to 2.17.1 for CVE-2021-44228 & CVE-2021-45046 & CVE-2021-45105 & CVE-2021-44832 #356

Merged Jan 24, 2022 (4 commits)

zigarn
Contributor

@zigarn zigarn commented Dec 13, 2021

No description provided.

@aminenafdou

Can we merge this please?

@aminenafdou aminenafdou left a comment

Can we merge this please!!

@zigarn
Contributor Author

zigarn commented Dec 14, 2021

Ping @andrewchoi5 @Lincong

@SlevinBE
Contributor

Better to upgrade to log4j 2.16, as a new vulnerability was found in 2.15.

@zigarn zigarn changed the title from "Bump log4j to 2.15.0 for CVE-2021-44228" to "Bump log4j to 2.16.0 for CVE-2021-44228+CVE-2021-45046" Dec 15, 2021
@zigarn zigarn changed the title from "Bump log4j to 2.16.0 for CVE-2021-44228+CVE-2021-45046" to "Bump log4j to 2.16.0 for CVE-2021-44228 & CVE-2021-45046" Dec 15, 2021
@zigarn
Contributor Author

zigarn commented Dec 15, 2021

Thanks @SlevinBE! Updated.

But as the project seems to be dead...

Anyone @linkedin to merge this?

@wushujames

Tagging @andrewchoi5, who seems to have had merge permissions in the past.

@zigarn zigarn changed the title from "Bump log4j to 2.16.0 for CVE-2021-44228 & CVE-2021-45046" to "Bump log4j to 2.17.0 for CVE-2021-44228 & CVE-2021-45046 & CVE-2021-45105" Dec 19, 2021
@efeg efeg changed the title from "Bump log4j to 2.17.0 for CVE-2021-44228 & CVE-2021-45046 & CVE-2021-45105" to "Bump log4j to 2.17.1 for CVE-2021-44228 & CVE-2021-45046 & CVE-2021-45105 & CVE-2021-44832" Jan 24, 2022
@efeg efeg merged commit 77f9655 into linkedin:master Jan 24, 2022
@zigarn zigarn deleted the patch-1 branch January 24, 2022 17:01
@zigarn
Contributor Author

zigarn commented Jan 24, 2022

Thanks @efeg!

@zigarn
Contributor Author

zigarn commented Jan 25, 2022

@efeg: is a release with this PR planned?

@rohit-korrapolu

@efeg Please share any update on the release. This is an important release we would like to have. Thanks!

@efeg
Contributor

efeg commented Feb 4, 2022

A release including this commit is available here:
https://github.com/linkedin/kafka-monitor/releases/tag/2.5.11

@wushujames

Thank you @efeg!!

@rohit-korrapolu

Thank you @efeg! Really appreciate the release.
