Skip to content

Update Log4j to 2.17.0 to address CVE-2021-45105 #7933

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
xiangfu0 merged 1 commit into from
Dec 20, 2021
Merged

Update Log4j to 2.17.0 to address CVE-2021-45105 #7933

xiangfu0 merged 1 commit into from
Dec 20, 2021

Conversation

@neel24
Copy link
Contributor

@neel24 neel24 commented Dec 20, 2021

Description

Updating Log4j version to 2.17.0 because of CVE-2021-45105 vulnerability.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105

Upgrade Notes

Does this PR prevent a zero down-time upgrade? (Assume upgrade order: Controller, Broker, Server, Minion)

  • Yes (Please label as backward-incompat, and complete the section below on Release Notes)

Does this PR fix a zero-downtime upgrade introduced earlier?

  • Yes (Please label this as backward-incompat, and complete the section below on Release Notes)

Does this PR otherwise need attention when creating release notes? Things to consider:

  • New configuration options
  • Deprecation of configurations
  • Signature changes to public methods/interfaces
  • New plugins added or old plugins removed
  • Yes (Please label this PR as release-notes and complete the section on Release Notes)

Release Notes

Documentation

navina
navina approved these changes Dec 20, 2021
View reviewed changes
Copy link
Contributor

@navina navina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't think my review counts. Still +1

@codecov-commenter
Copy link

codecov-commenter commented Dec 20, 2021
edited
Loading

Codecov Report

Merging #7933 (6e3c23f) into master (6037cac) will decrease coverage by 43.66%.
The diff coverage is n/a.

❗ Current head 6e3c23f differs from pull request most recent head 02c63b6. Consider uploading reports for the commit 02c63b6 to get more accurate results
Impacted file tree graph

@@              Coverage Diff              @@
##             master    #7933       +/-   ##
=============================================
- Coverage     71.15%   27.49%   -43.67%     
=============================================
  Files          1593     1584        -9     
  Lines         82365    82017      -348     
  Branches      12270    12232       -38     
=============================================
- Hits          58609    22551    -36058     
- Misses        19806    57420    +37614     
+ Partials       3950     2046     -1904
Flag Coverage Δ
integration1 ?
integration2 27.49% <ø> (-0.10%) ⬇️
unittests1 ?
unittests2 ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
.../java/org/apache/pinot/spi/utils/BooleanUtils.java 0.00% <0.00%> (-100.00%) ⬇️
...ava/org/apache/pinot/spi/config/table/FSTType.java 0.00% <0.00%> (-100.00%) ⬇️
...ava/org/apache/pinot/spi/data/MetricFieldSpec.java 0.00% <0.00%> (-100.00%) ⬇️
...va/org/apache/pinot/spi/utils/BigDecimalUtils.java 0.00% <0.00%> (-100.00%) ⬇️
...java/org/apache/pinot/common/tier/TierFactory.java 0.00% <0.00%> (-100.00%) ⬇️
...a/org/apache/pinot/spi/config/table/TableType.java 0.00% <0.00%> (-100.00%) ⬇️
.../org/apache/pinot/spi/data/DimensionFieldSpec.java 0.00% <0.00%> (-100.00%) ⬇️
.../org/apache/pinot/spi/data/readers/FileFormat.java 0.00% <0.00%> (-100.00%) ⬇️
...org/apache/pinot/spi/config/table/QuotaConfig.java 0.00% <0.00%> (-100.00%) ⬇️
...org/apache/pinot/spi/config/tenant/TenantRole.java 0.00% <0.00%> (-100.00%) ⬇️
... and 1136 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6037cac...02c63b6. Read the comment docs.

@xiangfu0 xiangfu0 merged commit 93c0404 into apache:master Dec 20, 2021
xiangfu0 pushed a commit that referenced this pull request Dec 24, 2021
@neel24 @xiangfu0
Update Log4j version to 2.17.0 (#7933)
56947b2
oker1 pushed a commit to oker1/incubator-pinot that referenced this pull request Jan 3, 2022
@neel24 @oker1
Update Log4j version to 2.17.0 (apache#7933)
a63cbd8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xiangfu0 xiangfu0 xiangfu0 approved these changes

+1 more reviewer

@navina navina navina approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@neel24 @codecov-commenter @xiangfu0 @navina