受Log4j漏洞影响的Apache项目

受 log4j CVE-2021-44228 影响的 Apache 项目

此条目是 Apache Security Team 在2021 年 12 月 14 日发布，收集 ASF 项目提供的声明的链接，声明是否受 CVE-2021-44228（Log4j2 中的安全问题）的影响。可以根据此条目进行排查。

原文地址：Apache projects affected by log4j

Project	Status
Apache Ant	Not Affected, a deprecated module uses log4j 1.x
Apache Archiva	Affected, release 2.2.6 will address this
Apache AsterixDB	Affected, fixed in 0.9.7.1
Apache Calcite Avatica	Affected, update to 1.20.0
Apache Camel	Not affected
Apache CloudStack	Not Affected
Apache Druid	Affected, update to 0.22.1
Apache EventMesh	Affected
Apache Flink	Affected
Apache Fortress	Affected, update to 2.0.7
Apache Geode	Affected, update to 1.12.6, 1.13.5, 1.14.1
Apache Guacamole	Not Affected
Apache Hadoop	Not affected, uses log4j 1.x
Apache Hive	Affected
Apache HTTP Server (httpd)	Not affected
Apache Iceberg	Not Affected
Apache James	Affected, update to 3.6.1
Apache Jena	Affected, update to 4.3.1
Apache JMeter	Affected
Apache JSPWiki	Affected, update to 2.11.1
Apache Kafka	Not Affected
Apache Log4J 1.2	Not Affected, see CVE-2021-4104. Note Log4j 1.x is EOL since 2015.
Apache Log4J 2.x	Affected, update to 2.16.0
Apache Log4Net	Not affected
Apache Lucene	Affected, update to 8.11.1
Apache Maven	Not affected, Maven 3.1+ uses lsf4j simple-logger
Apache OFBiz	Affected, update to 18.12.03
Apache Ozone	Affected, update to 1.2.1
Apache POI	Not affected, only uses log4j-api
Apache SkyWalking	Affected, update to 8.9.1
Apache Sling	Not affected
Apache Solr	Affected, update to 8.11.1
Apache Spark	Not affected, uses log4j 1.x
Apache Subversion	Not affected
Apache Struts	Affected
Apache Tika	Affected (1.x is not affected as uses log4j 1.x)
Apache Tomcat	Not Affected
Apache TrafficControl	Affected
Apache Uima	Not affected
Apache XMLBeans	Not affected, only uses log4j-api
Apache ZooKeeper	Not affected, uses log4j 1.x

作者：ITmob

链接：https://www.itmob.cn/archives/受log4j漏洞影响的apache项目

来源：ITmob.cn

著作权归作者所有。商业转载请联系作者获得授权，非商业转载请注明出处。

Mon Mar 7

受Log4j漏洞影响的Apache项目

相关推荐

相关文章

Your browser is out-of-date!