Announcement: Apache Druid 0.22.1 release

Apache Druid 0.22.1 is a bug fix release that fixes several security issues, including log4j. The 0.22.1 build with the log4j fix is live and ready for download!

https://druid.apache.org/downloads.html

Release notes are at: Release druid-0.22.1 · apache/druid · GitHub

Hi Jelena,

Is there a plan to backport this fix to the older (earlier) versions of Druid?

I think you’ll find the information you need here:

1 Like

Also surfacing conversations elsewhere:

There are no plans to backport this into older versions of Apache Druid, if you are running an older version of Druid and can not update to 0.22.1 you should apply the mitigation measures listed in https://lists.apache.org/thread/r5pf1vf0758cv4pszcz61pbk34kw02y4 (or in my post: Log4jShell Vulnerability and Mitigation).