Log4j vulnerabilities
Cloudera has released hotfixes for Cloudera Runtime versions 7.2.7 and newer on Public Cloud that address Log4j2 vulnerabilities.
The following vulnerabilities have been addressed for Cloudera Runtime versions 7.2.7 through 7.2.12:
You should upgrade your Cloudera services running Cloudera Runtime versions 7.2.7+ so that they include the latest hotfixes. You can update your existing Data Lake and Cloudera Data Hub clusters by doing a maintenance upgrade. You should first upgrade the Data Lake and then upgrade all the Cloudera Data Hub clusters that are using the Data Lake. Refer to Data Lake upgrade and Cloudera Data Hub upgrade documentation. Data Lake and Cloudera Data Hub maintenance upgrade is supported only in technical preview for maintenance upgrades from Cloudera Runtime versions 7.2.7 and higher.
If you are running a version of Cloudera Runtime prior to 7.2.7, contact Cloudera Support for details on how to upgrade Cloudera Runtime.
For more information about these hotfixes, refer to the Cloudera Runtime Release Notes for the version of Runtime that you use.
