CVE-2021-45105 & CVE-2021-44832 remediation for Cloudera DataFlow for Data Hub
Learn more about the CVE-2021-45105 and CVE-2021-44832 remediation for the Flow Management, Streams Messaging and Streaming Analytics cluster templates in Cloudera DataFlow for Data Hub.
On February 1, 2022, Cloudera released a hotfix to Cloudera on cloud Runtime version 7.2.12. It addresses the following CVEs and other vulnerability concerns:
- CVE-2021-45105, which affects Apache Log4j2 versions from 2.0-beta9 to 2.16.0, excluding 2.12.3
- CVE-2021-44832, which affects Apache Log4j2 versions from 2.0-alpha7 to 2.17.0, excluding 2.3.2 and 2.12.4
Template | Impacted versions |
---|---|
Flow Management | All versions |
Streams Messaging | Not impacted |
Streaming Analytics | All versions from 7.2.10 |
Because the Cloudera DataFlow for Data Hub cluster templates run in the Cloudera on cloud environment powered by Runtime, Cloudera encourages users to upgrade the Cloudera services running Runtime versions from 7.2.7 so that they include the latest hotfixes. You can update your existing data lakes and data hubs by performing a maintenance upgrade. For more information, see the Data Lake upgrade and Data Hub upgrade documentation.
If you are running a version of Runtime lower than 7.2.7, contact Cloudera Support for details on how to upgrade Runtime.
For more information about the impacts of CVE-2021-45105, see the TSB 2021-547: Critical vulnerability in log4j2 CVE-2021-45105 Knowledge Base article.
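To confirm which Log4j2 version a given host actually carries, the two affected ranges listed above can be checked mechanically. The following is an added example, not Cloudera's tooling: it encodes the ranges exactly as this page states them (so a release the page does not name as an exclusion is reported as affected), and the function names and sample paths are assumptions made for illustration.

```python
import re

# Affected ranges exactly as this advisory lists them: (lowest, highest, excluded).
AFFECTED = {
    "CVE-2021-45105": ("2.0-beta9", "2.16.0", {"2.12.3"}),
    "CVE-2021-44832": ("2.0-alpha7", "2.17.0", {"2.3.2", "2.12.4"}),
}
# Pre-release stages sort before the final release of the same number.
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}
VERSION = r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?"
VERSION_RE = re.compile(VERSION + r"$")
JAR_RE = re.compile(r"log4j-core-(" + VERSION + r")\.jar$")


def version_key(version):
    """Turn '2.0-beta9' or '2.12.3' into a tuple that sorts in release order."""
    m = VERSION_RE.match(version)
    if m is None:
        raise ValueError(f"unrecognised Log4j2 version: {version!r}")
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch or 0), STAGE[stage], int(num or 0))


def cves_for_version(version):
    """Return the CVEs from this advisory whose listed range contains version."""
    key = version_key(version)
    hits = []
    for cve, (low, high, excluded) in AFFECTED.items():
        if version in excluded:
            continue
        if version_key(low) <= key <= version_key(high):
            hits.append(cve)
    return hits


def cves_for_jar(path):
    """Check a log4j-core jar by file name; None means the name was not recognised."""
    m = JAR_RE.search(path)
    return cves_for_version(m.group(1)) if m else None


if __name__ == "__main__":
    # Constructed sample paths, not taken from a real cluster.
    for jar in ("/opt/app/lib/log4j-core-2.14.1.jar",
                "/opt/app/lib/log4j-core-2.12.3.jar",
                "/opt/app/lib/log4j-core-2.17.1.jar",
                "/opt/app/lib/log4j-api-2.14.1.jar"):
        print(jar, cves_for_jar(jar))
```

File names only identify standalone log4j-core jars; copies bundled inside other archives need a content-based scan.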