Support Questions

Find answers, ask questions, and share your expertise

log4j2 failure (CVE-2021-44228) in cloudera

avatar
Expert Contributor

Hello

 

about log4j2 failure (CVE-2021-44228) in cloudera

 

there is the KB: https://my.cloudera.com/knowledge/Resolution-for-TSB-2021-545---Critical-vulnerability-in-log4j2?id=...

 

instructs to run the script to remove a class in the jar etc.

 

our doubt is, do we need to run this script in any version of CM / CDH or just the version from 6.x.x?

1 ACCEPTED SOLUTION

avatar
Expert Contributor

thank you @ask_bill_brooks 

 

I had seen this thread you passed, but it doesn't explicitly say which version of CM/CDH to run github's log4j script procedure.

 

but I will consider version 5.x and 6.x to run this script.

View solution in original post

4 REPLIES 4

avatar

Previously asked and answered in this thread:

log4j2 vulnerability (CVE-2021-44228)

 

 

Bill Brooks, Community Moderator
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

avatar
Expert Contributor

thank you @ask_bill_brooks 

 

I had seen this thread you passed, but it doesn't explicitly say which version of CM/CDH to run github's log4j script procedure.

 

but I will consider version 5.x and 6.x to run this script.

avatar
Rising Star

avatar
Expert Contributor

hi @PrathapKumar 

thanks for the answer! 😉

but, I had already seen this KB from fixed CVE 😊