vitess.io/vitess@v0.16.2/changelog/12.0/12.0.1/summary.md (about)

     1  ## Major Changes
     2  
     3  This patch is providing an update regarding the Apache Log4j security vulnerability (CVE-2021-44228) (#9357), along with a few bug fixes.
     4  
     5  ## Known Issues
     6  
     7  * A critical vulnerability CVE-2021-44228 in the Apache Log4j logging library was disclosed on Dec 9 2021.
     8    The project provided release `2.15.0` with a patch that mitigates the impact of this CVE. It was quickly found that the initial patch was insufficient, and additional CVEs
     9    CVE-2021-45046 and CVE-2021-44832 followed.
    10    These have been fixed in release `2.17.1`. This release of Vitess, `v12.0.1`, uses a version of Log4j below `2.17.1`, for this reason, we encourage you to use version `v12.0.3` instead, to benefit from the vulnerability patches.