Hello,
I wanted to ask if there's a page / instructions / info regarding the recent log4j2 vulnerability (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) and how it can affect Cloudera CDH setups? If it does affect, what are the recommended mitigations on it?
Thanks,
Mor
Created 12-12-2021 01:41 AM
It is in deed an important question.
Created 12-12-2021 01:33 PM
Following - Cloudera please provide recommendations as this is really urgent.
Created 12-12-2021 07:26 PM
Please go through below apache docs, its might help
Created 12-24-2021 12:05 AM
I upgraded log4j to 2.17 0, but the following error occurred when restarting hiveserver2:
Created 12-12-2021 11:30 PM
Hi All,
Is there any impact of CVE-2021-44228 - log4j Arbitrary RCE on CDH 5.x and 6.x??
Regards,
Hanu
Created 12-13-2021 05:59 AM
Cloudera platform security teams are actively assessing the impact to our on-premises and cloud products and will provide an impact analysis update to customers as soon as possible.
Created 12-13-2021 01:41 AM
Hi Team,
Currenlty in our organization we are using Cloudera 6.3.1 express edition, recently our company security team came up with log4j CVE-2021-44228 vulnerable, Could you please suggest due to this any problem for cloudera ?
Thanks
Srikanth
Created 12-13-2021 02:04 AM
I second this question. I currently administer a CDH 5.16 cluster that we're in the process of upgrading to CDP 7.x. Is there a statement from cloudera about the extent of the vulnerablility in their products and how we can go about patching it?
Created 12-13-2021 02:19 AM
Could you please refer to below url , this statement came from apache, but not from Cloudera.
https://logging.apache.org/log4j/2.x/security.html
Thanks
Srikanth