ITmob-Ly
发布于 2021-12-28 / 882 阅读
0

受Log4j漏洞影响的Apache项目

ApacheLog4jLogo1024x576.jpg.jpg

受 log4j CVE-2021-44228 影响的 Apache 项目

此条目是 Apache Security Team 在2021 年 12 月 14 日发布,收集 ASF 项目提供的声明的链接,声明是否受 CVE-2021-44228(Log4j2 中的安全问题)的影响。可以根据此条目进行排查。

原文地址:Apache projects affected by log4j

ProjectStatus
Apache AntNot Affected, a deprecated module uses log4j 1.x
Apache ArchivaAffected, release 2.2.6 will address this
Apache AsterixDBAffected, fixed in 0.9.7.1
Apache Calcite AvaticaAffected, update to 1.20.0
Apache CamelNot affected
Apache CloudStackNot Affected
Apache DruidAffected, update to 0.22.1
Apache EventMeshAffected
Apache FlinkAffected
Apache FortressAffected, update to 2.0.7
Apache GeodeAffected, update to 1.12.6, 1.13.5, 1.14.1
Apache GuacamoleNot Affected
Apache HadoopNot affected, uses log4j 1.x
Apache HiveAffected
Apache HTTP Server (httpd)Not affected
Apache IcebergNot Affected
Apache JamesAffected, update to 3.6.1
Apache JenaAffected, update to 4.3.1
Apache JMeterAffected
Apache JSPWikiAffected, update to 2.11.1
Apache KafkaNot Affected
Apache Log4J 1.2Not Affected, see CVE-2021-4104. Note Log4j 1.x is EOL since 2015.
Apache Log4J 2.xAffected, update to 2.16.0
Apache Log4NetNot affected
Apache LuceneAffected, update to 8.11.1
Apache MavenNot affected, Maven 3.1+ uses lsf4j simple-logger
Apache OFBizAffected, update to 18.12.03
Apache OzoneAffected, update to 1.2.1
Apache POINot affected, only uses log4j-api
Apache SkyWalkingAffected, update to 8.9.1
Apache SlingNot affected
Apache SolrAffected, update to 8.11.1
Apache SparkNot affected, uses log4j 1.x
Apache SubversionNot affected
Apache StrutsAffected
Apache TikaAffected (1.x is not affected as uses log4j 1.x)
Apache TomcatNot Affected
Apache TrafficControlAffected
Apache UimaNot affected
Apache XMLBeansNot affected, only uses log4j-api
Apache ZooKeeperNot affected, uses log4j 1.x