I wanted to ask if there's a page / instructions / info regarding the recent log4j2 vulnerability (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) and how it can affect Cloudera CDH setups? If it does affect, what are the recommended mitigations on it?
Cloudera platform security teams are actively assessing the impact to our on-premises and cloud products and will provide an impact analysis update to customers as soon as possible.
Currenlty in our organization we are using Cloudera 6.3.1 express edition, recently our company security team came up with log4j CVE-2021-44228 vulnerable, Could you please suggest due to this any problem for cloudera ?
I second this question. I currently administer a CDH 5.16 cluster that we're in the process of upgrading to CDP 7.x. Is there a statement from cloudera about the extent of the vulnerablility in their products and how we can go about patching it?