[druid-user] Druid with log4j 2.17.1

Hi team,

is there any plan to release druid with the latest version of Log4j2.17.1

Regards,
Jagannathan

Hi Jagannathan,

Thank you for your question. Here are a couple of current resources regarding Log4Shell Vulnerability and Mitigation and upgrading. Regarding future releases, please keep monitoring this Group, GitHub, the Druid Forum, and our Slack channel. If you haven’t been invited to our Slack channel please let me know, and I will send you an invitation.

Best,

Mark

Thanks, Mark for your response on this. The latest version of Druid contains the log4j version of 2.15.0 that has known vulnerabilities. Apache team has released 2.16.0, 2.17.0 and 2.17.1. Are we not planning to have a minor release with the upgraded druid versions?

Hey! Quite possibly the best people to answer this question are the developers: you can see their ongoing conversations on the Dev List:

https://lists.apache.org/list.html?dev@druid.apache.org

  • Pete