Created 05-24-2022 08:42 AM
Hello
about log4j2 failure (CVE-2021-44228) in cloudera
there is the KB: https://my.cloudera.com/knowledge/Resolution-for-TSB-2021-545---Critical-vulnerability-in-log4j2?id=...
instructs to run the script to remove a class in the jar etc.
our doubt is, do we need to run this script in any version of CM / CDH or just the version from 6.x.x?
Created on 05-24-2022 10:43 AM - edited 05-24-2022 10:44 AM
thank you @ask_bill_brooks
I had seen this thread you passed, but it doesn't explicitly say which version of CM/CDH to run github's log4j script procedure.
but I will consider version 5.x and 6.x to run this script.
Created 05-24-2022 10:19 AM
Previously asked and answered in this thread:
log4j2 vulnerability (CVE-2021-44228)
Created on 05-24-2022 10:43 AM - edited 05-24-2022 10:44 AM
thank you @ask_bill_brooks
I had seen this thread you passed, but it doesn't explicitly say which version of CM/CDH to run github's log4j script procedure.
but I will consider version 5.x and 6.x to run this script.
Created 01-16-2024 04:39 AM
The log4j CVE-2021-44228 is fixed in 7.1.7 SP1
Created 01-16-2024 04:53 AM
hi @PrathapKumar
thanks for the answer! 😉
but, I had already seen this KB from fixed CVE 😊