I replied to a user- post about this, but thought it was worth repeating it here.
In https://issues.apache.org/jira/browse/CASSANDRA-5883 you can see where Apache Cassandra never chose to use log4j2 (preferring logback instead), and thus is not, and has never been, vulnerable to this RCE. Kind Regards, Brandon --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
