CVE-2021-4428 Remediation for 7.2.8

You can learn more about the CVE-2021-4428 Remediation for 7.2.8.

On January 3, 2022, Cloudera released Public Cloud runtime version 7.2.8_5. It addresses 2 CVEs and other vulnerability concerns as listed below.

• CVE-2021-44228 which affects Apache Log4j2 versions 2.0 through 2.14.1.

• CVE-2021-45046 which affects Apache Log4j2 version 2.15.0

• LOGBACK-1591 which affects logback versions <= 1.2.7

Cloudera urges all customers on the runtime version 7.2.8 (for Datalake or Datahub) to upgrade their services to the latest version.