CVE-2021-45105: Bumping Log4j to 2.17.0 on elasticsearch5, ignite, and voltdb #1583

Open
wants to merge 1 commit into
base: master

filipecosta90

Following up on Security Vulnerability CVE-2021-45105

elukey added a commit to elukey/bigtop that referenced this pull request Dec 28, 2021
At the time of writing upstream didn't release any official fix,
but brianfrankcooper/YCSB#1583 seems
to be taking care of it.

Credits for the upstream fix: Filipe Oliveira <[email protected]>
elukey added a commit to apache/bigtop that referenced this pull request Dec 31, 2021
At the time of writing upstream didn't release any official fix,
but brianfrankcooper/YCSB#1583 seems
to be taking care of it.

Credits for the upstream fix: Filipe Oliveira <[email protected]>

elukey commented Dec 31, 2021

@filipecosta90 Thanks a lot for the patch, it has been included in Apache Bigtop's ycsb package :)

elukey added a commit to elukey/bigtop that referenced this pull request Dec 31, 2021
At the time of writing upstream didn't release any official fix
for the log4j CVEs, but brianfrankcooper/YCSB#1583 seems to be taking care of it.
Credits for the upstream fix: Filipe Oliveira <[email protected]>

This change also bumps ycsb to its latest upstream, to allow the log4j
patch to be applied cleanly.
elukey added a commit to apache/bigtop that referenced this pull request Jan 8, 2022
At the time of writing upstream didn't release any official fix
for the log4j CVEs, but brianfrankcooper/YCSB#1583 seems to be taking care of it.
Credits for the upstream fix: Filipe Oliveira <[email protected]>

This change also bumps ycsb to its latest upstream, to allow the log4j
patch to be applied cleanly.
iwasakims pushed a commit to apache/bigtop that referenced this pull request Jan 11, 2022
At the time of writing upstream didn't release any official fix,
but brianfrankcooper/YCSB#1583 seems
to be taking care of it.

Credits for the upstream fix: Filipe Oliveira <[email protected]>

(cherry picked from commit 265e891)
busbey added the security label Apr 6, 2022