Log4j vulnerabilities

Cloudera has released hotfixes for Public Cloud Runtime versions 7.2.7 and newer that address Log4j2 vulnerabilities.

The following vulnerabilities have been addressed for Public Cloud Runtime versions 7.2.7 through 7.2.12:

CVE-2021-44228

CVE-2021-45046

LOGBACK-1591

CVE-2021-45105

CVE-2021-44832

You should upgrade your CDP services running Runtime versions 7.2.7+ so that they include the latest hotfixes. You can update your existing Data Lake and Data Hubs by doing a maintenance upgrade. You should first upgrade the Data Lake and then upgrade all the Data Hubs that are using the Data Lake. Refer to Data Lake upgrade and Data Hub upgrade documentation. Data Lake and Data Hub maintenance upgrade is supported only in technical preview for maintenance upgrades from Runtime versions 7.2.7 and higher.

If you are running a version of Runtime prior to 7.2.7, contact Cloudera Support for details on how to upgrade Runtime.

For more information about these hotfixes, refer to the CDP Public Cloud Runtime Release Notes for the version of Runtime that you use.