Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

log4j2 failure (CVE-2021-44228) in cloudera

avatar
author-rank yagoaparecidoti
Expert Contributor

Created ‎05-24-2022 08:42 AM

Hello

 

about log4j2 failure (CVE-2021-44228) in cloudera

 

there is the KB: https://my.cloudera.com/knowledge/Resolution-for-TSB-2021-545---Critical-vulnerability-in-log4j2?id=...

 

instructs to run the script to remove a class in the jar etc.

 

our doubt is, do we need to run this script in any version of CM / CDH or just the version from 6.x.x?

821 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank yagoaparecidoti
Expert Contributor

Created on ‎05-24-2022 10:43 AM - edited ‎05-24-2022 10:44 AM

thank you @ask_bill_brooks 

 

I had seen this thread you passed, but it doesn't explicitly say which version of CM/CDH to run github's log4j script procedure.

 

but I will consider version 5.x and 6.x to run this script.

View solution in original post

795 Views
0 Kudos
4 REPLIES 4

avatar
ask_bill_brooks author-rank
Moderator

Created ‎05-24-2022 10:19 AM

Previously asked and answered in this thread:

log4j2 vulnerability (CVE-2021-44228)

 

 

Bill Brooks, Community Moderator
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
796 Views
0 Kudos

avatar
author-rank yagoaparecidoti
Expert Contributor

Created on ‎05-24-2022 10:43 AM - edited ‎05-24-2022 10:44 AM

thank you @ask_bill_brooks 

 

I had seen this thread you passed, but it doesn't explicitly say which version of CM/CDH to run github's log4j script procedure.

 

but I will consider version 5.x and 6.x to run this script.

796 Views
0 Kudos

avatar
author-rank PrathapKumar author-rank
Rising Star

Created ‎01-16-2024 04:39 AM

Hi @yagoaparecidoti 

The log4j CVE-2021-44228 is fixed in 7.1.7 SP1

https://docs.cloudera.com/cdp-private-cloud-base/7.1.7/runtime-release-notes/topics/rt-pvc-cve-sp1.h...

277 Views
0 Kudos

avatar
author-rank yagoaparecidoti
Expert Contributor

Created ‎01-16-2024 04:53 AM

hi @PrathapKumar 

thanks for the answer! 😉

but, I had already seen this KB from fixed CVE 😊

274 Views
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements