December 17, 2021 - CVE-2021-44228

New CML engine: docker.repository.cloudera.com/cloudera/cdv/cmldataviz:6.3.5-b5

Cloudera released a new version of CDP Data Visualization (CDV). This new version addresses CVE-2021-44228 which affects products using Apache Log4j2 versions 2.0 through 2.14.1.

CDV is not written in Java and therefore is not vulnerable. However, as the custom CDP Data Visualization engine is built upon a CML engine, it has been updated to the newly released version of the CML engine that removes the vulnerability reported in CVE-2021-44228. For more information about the new CML engine, see CVE-2021-44228 Remediation for CML Data Service.

If you use CDV with Cloudera Machine Learning, update your CML engine to the latest version, which includes fixes for the log4j2 security vulnerability in CML. After updating the engine to the latest version, running CDV instances (applications) should be restarted.

If you use CDV with Cloudera Data Science Workbench, no action is required.