Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-10234

CVE-2021-44228 Log4j vulnerability for apache mesos

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Not A Problem
    • 1.11.0
    • None
    • build
    • None

    Description

      Hi,

      Wanted to know if CVE-2021-44228 Log4j vulnerability is affecting Apache mesos.
      We see that log4j v1.2.17 is used while building apache mesos from source.

      Snippet from build logs:
      std=c++11 -MT jvm/org/apache/libjava_la-log4j.lo -MD -MP -MF jvm/org/apache/.deps/libjava_la-log4j.Tpo -c ../../src/jvm/org/apache/log4j.cpp -fPIC -DPIC -o jvm/org/apache/.libs/libjava_la-log4j.o
      Thanks,

      Sangita

      Attachments

        Activity

          People

            Unassigned Unassigned
            snalkar Sangita Nalkar
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: