[Hotfix] Update log4j to 2.25.3 #27512

Open
eschcam wants to merge 3 commits into apache:master from Nordix:bump-log4j

eschcam commented Feb 3, 2026

What is the purpose of the change

log4j-core 2.24.3 contains CVE-2025-68161

Brief change log

  • Update log4j version to 2.25.3

Verifying this change

Passes CI Tests

Does this pull request potentially affect one of the following parts:

  • Dependencies (does it add or upgrade a dependency): yes
  • The public API, i.e., is any changed class annotated with @Public(Evolving): no
  • The serializers: no
  • The runtime per-record code paths (performance sensitive): no
  • Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn, ZooKeeper: no
  • The S3 file system connector: no

Documentation

  • Does this pull request introduce a new feature? no
  • If yes, how is the feature documented? not applicable

eschcam changed the title from "Update log4j to 2.25.3" to "[Hotfix] Update log4j to 2.25.3" on Feb 3, 2026

flinkbot (Collaborator) commented Feb 3, 2026

CI report:

Bot commands

The @flinkbot bot supports the following commands:
  • @flinkbot run azure - re-run the last Azure build

eschcam requested a review from davidradl February 3, 2026 14:00
eschcam requested a review from davidradl February 3, 2026 15:12
github-actions bot added the community-reviewed label (PR has been reviewed by the community.) Feb 3, 2026