It is written on the website: https://hadoop.apache.org/
Hadoop, as of today depends on log4j 1.x, which is NOT susceptible to the attack (CVE-2021-44228). > > On 09-Jan-2022, at 8:19 PM, Deepti Sharma S > <[email protected]> wrote: > > > Hello Team, > > As we have Log4J vulnerability CVE-2021-44228, CVSS 10.0 (Critical), can you > please confirm, when we have Hadoop version release which has this > vulnerability fix and has Log4J version 2.17? > > > > Regards, > Deepti Sharma > PMP® & ITIL > >
