Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Java] Bump log4j 2.17.0 to 2.17.1 #21373

Merged
merged 1 commit into from
Jan 5, 2022
Merged

[Java] Bump log4j 2.17.0 to 2.17.1 #21373

merged 1 commit into from
Jan 5, 2022

Conversation

qbphilip
Copy link
Contributor

@qbphilip qbphilip commented Jan 4, 2022

Fixes log4j vulnerability CVE-2021-44832

Why are these changes needed?

New log4j version fixes vulnerability:

Related issue number

Fixes #21372

Checks

  • I've run scripts/format.sh to lint the changes in this PR.
  • I've included any doc changes needed for https://docs.ray.io/en/master/.
  • I've made sure the tests are passing. Note that there might be a few flaky tests, see the recent failures at https://flakey-tests.ray.io/
  • Testing Strategy
    • Unit tests
    • Release tests
    • This PR is not tested :(

@qbphilip
Bump log4j 2.17.0 to 2.17.1
519698a 
Fixes log4j vulnerability CVE-2021-44832
jovany-wang
jovany-wang approved these changes Jan 4, 2022
View reviewed changes
Copy link
Contributor

@jovany-wang jovany-wang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

@jovany-wang jovany-wang self-assigned this Jan 4, 2022
@qbphilip
Copy link
Contributor Author

qbphilip commented Jan 4, 2022

I will need help with the failing Java tests, is this related to the version bump?

@jovany-wang
Copy link
Contributor

jovany-wang commented Jan 4, 2022
edited
Loading

I will need help with the failing Java tests, is this related to the version bump?

I believe it's not related.

@jovany-wang jovany-wang merged commit 8884cf0 into ray-project:master Jan 5, 2022
@jovany-wang
Copy link
Contributor

Thanks for you upgrading :)

@pcmoritz pcmoritz mentioned this pull request Jan 5, 2022
Closed
2 tasks
@qbphilip qbphilip deleted the patch-1 branch January 5, 2022 08:48
architkulkarni pushed a commit that referenced this pull request Jan 5, 2022
@qbphilip @architkulkarni
[Java] Bump log4j 2.17.0 to 2.17.1 (#21373)
25595a3 
New log4j version fixes vulnerability:
* https://nvd.nist.gov/vuln/detail/CVE-2021-44832
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jovany-wang jovany-wang jovany-wang approved these changes

@ericl ericl Awaiting requested review from ericl

@fishbone fishbone Awaiting requested review from fishbone

@kfstorm kfstorm Awaiting requested review from kfstorm kfstorm is a code owner

@raulchen raulchen Awaiting requested review from raulchen raulchen is a code owner

Assignees

@jovany-wang jovany-wang

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug] Fix log4j vulnerability CVE-2021-44832
2 participants
@qbphilip @jovany-wang