When will Log4j in DSE be upgraded to 2.17.0?

Question

question

cherrmann asked Feb 18, '22 Erick Ramirez answered Feb 18, '22

When will Log4j in DSE be upgraded to 2.17.0?

Hi team, in the advisory dated 20 Dec, 2021, it states that Datastax "is now in the process of upgrading and verifying the upgrade to Log4j 2.17.0."

What is the time frame on this upgrade being ready for download?

cve

10 |1000

Attachments: Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

DataStax Enterprise is powered by the best distribution of Apache Cassandra ™

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries.

Privacy Policy Terms of Use

Answer 1 · 2022-02-18T09:08:19Z

Erick Ramirez answered Feb 18, '22

DataStax Enterprise has code for Log4j 1.x but it's not in use so DSE is not affected by (not vulnerable to) CVE-2021-45105 as stated in the advisory you linked.

DSE like open-source Apache Cassandra uses logback so there will be no change to Log4j in DSE. Cheers!

Share

10 |1000

Attachments: Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

question