about log4j2 failure (CVE-2021-44228) in cloudera
there is the KB: https://my.cloudera.com/knowledge/Resolution-for-TSB-2021-545---Critical-vulnerability-in-log4j2?id=...
instructs to run the script to remove a class in the jar etc.
our doubt is, do we need to run this script in any version of CM / CDH or just the version from 6.x.x?
Previously asked and answered in this thread:
log4j2 vulnerability (CVE-2021-44228)
thank you @ask_bill_brooks
I had seen this thread you passed, but it doesn't explicitly say which version of CM/CDH to run github's log4j script procedure.
but I will consider version 5.x and 6.x to run this script.