changelog/12.0/12.0.1/summary.md
This patch is providing an update regarding the Apache Log4j security vulnerability (CVE-2021-44228) (#9357), along with a few bug fixes.
2.15.0 with a patch that mitigates the impact of this CVE. It was quickly found that the initial patch was insufficient, and additional CVEs
CVE-2021-45046 and CVE-2021-44832 followed.
These have been fixed in release 2.17.1. This release of Vitess, v12.0.1, uses a version of Log4j below 2.17.1, for this reason, we encourage you to use version v12.0.3 instead, to benefit from the vulnerability patches.