Druid - druid-0.22.1

Security

Apache Druid 0.22.1 is a bug fix release that fixes some security issues. See the complete set of changes for additional details.

# Bug fixes

https://github.com/apache/druid/pull/12051 Update log4j to 2.15.0 to address CVE-2021-44228
https://github.com/apache/druid/pull/11787 JsonConfigurator no longer logs sensitive properties
https://github.com/apache/druid/pull/11786 Update axios to 0.21.4 to address CVE-2021-3749
https://github.com/apache/druid/pull/11844 Update netty4 to 4.1.68 to address CVE-2021-37136 and CVE-2021-37137

# Credits

Thanks to everyone who contributed to this release!

@abhishekagarwal87
@andreacyc
@clintropolis
@gianm
@jihoonson
@kfaraz
@xvrl

Details

date
Dec. 11, 2021, 9:24 a.m.
name
druid-0.22.1
type
Patch
official page
https://github.com/apache/druid/releases/tag/druid-0.22.1
👇
Register or login to:
  • 🔍View and search all Druid releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or