CVE-2021-4428 Remediation for 7.2.12
You can learn more about the CVE-2021-4428 Remediation for 7.2.12.
On January 3, 2022, Cloudera released Public Cloud runtime version 7.2.12_2. It addresses 2 CVEs and other vulnerability concerns as listed below.
-
CVE-2021-44228 which affects Apache Log4j2 versions 2.0 through 2.14.1.
-
CVE-2021-45046 which affects Apache Log4j2 version 2.15.0
-
LOGBACK-1591 which affects logback versions <= 1.2.7
Cloudera urges all customers on the runtime version 7.2.12 (for Datalake or Datahub) to upgrade their services to the latest version.