Hi team, in the advisory dated 20 Dec, 2021, it states that DataStax "is now in the process of upgrading and verifying the upgrade to Log4j 2.17.0."
What is the time frame on this upgrade being ready for download?
DataStax Enterprise has code for Log4j 1.x, but it's not in use, so DSE is not affected by (not vulnerable to) CVE-2021-45105, as stated in the advisory you linked.
DSE, like open-source Apache Cassandra, uses logback, so there will be no change to Log4j in DSE. Cheers!
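An added example, not part of the original answer and not DataStax code: one way to check which logging libraries an installation actually ships is to scan its archives for each library's marker class. The install directory is passed as an argument (no DSE path is assumed), and a hit only shows that the code is present on disk, not that it is in use.

```python
import io
import sys
import zipfile
from pathlib import Path

# Marker classes by library. Note: the Log4j 2 "log4j-1.2-api" bridge and
# reload4j also ship org/apache/log4j/Logger.class, so a 1.x hit needs a
# manual look at the jar name and manifest.
MARKERS = {
    "log4j-1.x": "org/apache/log4j/Logger.class",
    "log4j-core-2.x": "org/apache/logging/log4j/core/LoggerContext.class",
    "logback": "ch/qos/logback/classic/Logger.class",
}
ARCHIVES = (".jar", ".war", ".ear")
MAX_DEPTH = 3  # how far to descend into nested (fat) archives


def classify(archive, depth=0):
    """Return the set of logging libraries bundled in one archive.

    `archive` is a path or a file-like object; nested archives are opened
    in memory so shaded or fat jars are covered too.
    """
    found = set()
    try:
        with zipfile.ZipFile(archive) as zf:
            for name in zf.namelist():
                # endswith() also matches WEB-INF/classes/... style prefixes
                found |= {lib for lib, m in MARKERS.items() if name.endswith(m)}
                if depth < MAX_DEPTH and name.lower().endswith(ARCHIVES):
                    found |= classify(io.BytesIO(zf.read(name)), depth + 1)
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable or not really an archive: nothing to report
    return found


def scan(root):
    """Map each archive under `root` to the logging libraries it contains."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            libs = classify(path)
            if libs:
                report[str(path)] = sorted(libs)
    return report


if __name__ == "__main__":
    for jar, libs in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{jar}: {', '.join(libs)}")
```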