Created on 04-27-202204:33 PM - edited 04-27-202204:39 PM
Cloudera Logging is a new Apache Log4j 1.2.x compatible logging library included with CDP Private Cloud Base 7.1.7 SP1 that is created, distributed, and maintained by Cloudera to address the recent vulnerabilities in Apache Log4j 1.2.x.
While Apache Log4j 2.x is actively maintained by the Apache Software Foundation community, 1.2.x isn't and many Cloudera components rely on Log4j 1.2.x libraries. Because there is limited compatibility between 1.2.x and 2.x, we created Cloudera Logging to provide customers with a more secure, stable, and maintained logging library that's compatible with 1.2.x and includes security fixes from the Log4j and Reload4j communities. To help ensure that Cloudera Logging stays current with the latest community work, Cloudera's product security and compliance teams are monitoring the Log4j and Reload4j communities for new issues and, when identified, work to include fixes in Cloudera Logging as applicable.