Apache projects affected by log4j CVE-2021-44228

Following table updated with the apache product impact status . find and fix log4jshell

Apache AntNot Affected, a deprecated module uses log4j 1.x
Apache ArchivaAffected, release 2.2.6 will address this
Apache AsterixDBAffected, fixed in
Apache Calcite AvaticaAffected, update to 1.20.0
Apache CamelNot affected
Apache CloudStackNot Affected
Apache DruidAffected, update to 0.22.1
Apache EventMeshAffected
Apache FlinkAffected
Apache FortressAffected, update to 2.0.7
Apache GeodeAffected, update to 1.12.6, 1.13.5, 1.14.1
Apache GuacamoleNot Affected
Apache HadoopNot affected, uses log4j 1.x
Apache HiveAffected
Apache HTTP Server (httpd)Not affected
Apache IcebergNot Affected
Apache JenaAffected, update to 4.3.1
Apache JMeterAffected
Apache JSPWikiAffected
Apache KafkaNot Affected
Apache Log4J 1.2Not Affected, see CVE-2021-4104. Note Log4j 1.x is EOL since 2015.
Apache Log4J 2.xAffected, update to 2.16.0
Apache Log4NetNot affected
Apache MavenNot affected, Maven 3.1+ uses lsf4j simple-logger
Apache OFBizAffected, update to 18.12.03
Apache OzoneAffected, update to 1.2.1
Apache POINot affected, only uses log4j-api
Apache SkyWalkingAffected, update to 8.9.1
Apache SlingNot affected
Apache SolrAffected, update to 8.11.1
Apache SparkNot affected, uses log4j 1.x
Apache SubversionNot affected
Apache StrutsAffected
Apache TomcatNot Affected
Apache TrafficControlAffected
Apache UimaNot affected
Apache XMLBeansNot affected, only uses log4j-api
Apache ZooKeeperNot affected, uses log4j 1.x

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *