Cloudera Logging is now available in CDP Private Cloud Base 7.1.7 SP1
Cloudera Logging is a modified Apache Log4j 1.2.x compatible logging library included with CDP Private Cloud Base 7.1.7 SP1 that is created, distributed, and maintained by Cloudera to address the recent vulnerabilities in Apache Log4j 1.2.x.
While Apache Log4j 2.x is actively maintained by the Apache Software Foundation community, 1.2.x isn't and many Cloudera components rely on Log4j 1.2.x libraries. Because there is limited compatibility between 1.2.x and 2.x, we created Cloudera Logging which was forked from Apache Log4J 1.2.17 and maintained by Cloudera internally to provide customers with a more secure, stable, and maintained logging library that's compatible with 1.2.x and includes security fixes from the Log4j and Reload4j community fork. To help ensure that Cloudera Logging stays current with the latest community work, Cloudera's product security and compliance teams are monitoring the Log4j and Reload4j communities for new issues and, when identified, work to include fixes in Cloudera Logging as applicable.
With CDP Private Cloud Base 7.1.7 SP1, Cloudera Logging includes fixes for CVE-2020-9488, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, and CVE-2022-23307.
Contact your Cloudera account team if you have any questions or would like to upgrade to the latest version of CDP Private Cloud Base 7.1.7 SP1.