December 21, 2021
This release (1.13.0-h1-b1) of the Cloudera Data Engineering (CDE) service on CDP Public Cloud addresses the Log4j2 security vulnerability CVE-2021-44228.
Fixed Log4j2 security vulnerability CVE-2021-44228
- Removed
JndiLookup.classfrom affected JAR files.
For instructions on upgrading your existing CDE services and virtual clusters, see Cloudera Data Engineering fix for CVE-2021-44228.