CVE-2021-4428 Remediation for 7.2.7

You can learn more about the CVE-2021-4428 Remediation for 7.2.7.

On December 22, 2021, Cloudera released Public Cloud runtime version 7.2.7_11. It addresses 2 CVEs and other vulnerability concerns as listed below.

• CVE-2021-44228 which affects Apache Log4j2 versions 2.0 through 2.14.1.

• CVE-2021-45046 which affects Apache Log4j2 version 2.15.0

• LOGBACK-1591 which affects logback versions <= 1.2.7

Cloudera urges all customers on the runtime version 7.2.7 (for Datalake or Datahub) to upgrade their services to the latest version.