'Zookeeper - Due Date for Log4J Upgrade

Log4J version (1.x) used by Apache Zookeeper exposes users to the following CVE-s:

Critical -

  1. CVE-2019-17571
  2. CVE-2022-23305
  3. CVE-2022-23307

High -

  1. CVE-2022-23302
  2. CVE-2021-4104

Low -

  1. CVE-2020-9488

When (on which release) will Zookeeper be upgraded to the latest Log4J release? is there a workaround? Thanks.

log4japache-zookeeper


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Unable to read additional data from client session id

Configure zookeeper for kafka

Kafka Error while creating ACLs NoAuth for /kafka-acl/TransactionalId

multi-broker kafka InvalidReplicationFactorException

Where is the error log file destination for Zookeeper distributed with Kafka?

Flink TaskManager not reconnecting to the new Jobmanager

Unable to connect Zookeeper in gke cluster

Docker - library initialization failed - unable to allocate file descriptor table - out of memory

HBase Shell - org.apache.hadoop.hbase.ipc.ServerNotRunningYetException: Server is not running yet

Curator disconnects from zookeeper when IPs change even when using DNS names in connection string

Error in Zookeeper : Unreasonable length = 308375649 when creating topic in Kafka

Can Apache ZooKeeper 4lw (FourLetterWord) be used with mTLS (mutual Transport Layer Security)?

why connect zookeeper take a long time on windows?

Permission denied running Zookeeper

Kafaka Subscriber not receiving the messages