448e4f56aa
The Log4j version was bumped on GitHub [1] but it is still pending inclusion in a release of Apache Storm. Apply the alternative mitigation recommended by Log4j [2] of removing the JndiLookup class from the classpath.

[1] https://github.com/apache/storm/pull/3427
[2] https://logging.apache.org/log4j/2.x/security.html

Change-Id: Ib3ecd73f9e39e320acb2c5f0962b8af9b1a817e9
6 lines
158 B
YAML
---
security:
  - |
    Adds mitigation for Apache Log4j 2 Remote Code Execution (RCE)
    vulnerabilities CVE-2021-44228 and CVE-2021-45046 to Apache Storm.