Cloudera Data Engineering fix for CVE-2021-44228

On December 21, 2021, Cloudera released Cloudera Data Engineering (CDE) for Public Cloud version 1.13.0-h1-b1. It addresses the Log4j2 security vulnerabilities listed below. Cloudera urges all customers to upgrade their Data Engineering services to the latest version.

Upgrade to the latest Data Engineering version

To upgrade your Cloudera Data Engineering service to the latest version, which addresses the log4j2 security vulnerability, follow these steps. These steps provide a comprehensive upgrade and are the recommended approach. To ensure compatibility with the CDP environment, you must also upgrade the environment DataLake to Runtime 7.2.11 or higher.

  1. For each existing virtual cluster, create a backup of the jobs and resources.
  2. Enable a new Cloudera Data Engineering service for each existing CDE service you have. Make sure to use the same settings as the existing service for each new corresponding service.
  3. Within each new Data Engineering service, create a new virtual cluster for each existing virtual cluster in the pre-existing service. Make sure to use the same settings as the existing virtual cluster for each new corresponding virtual cluster.
  4. After making sure that you have added CDE services and virtual clusters to match your existing deployment, restore the backup file for each pre-existing virtual cluster to the corresponding new virtual cluster.


Your Cloudera Data Engineering service and all associated virtual clusters are upgraded to the latest version.