question

cherrmann avatar image
cherrmann asked Erick Ramirez answered

When will Log4j in DSE be upgraded to 2.17.0?

Hi team, in the advisory dated 20 Dec, 2021, it states that Datastax "is now in the process of upgrading and verifying the upgrade to Log4j 2.17.0."

What is the time frame on this upgrade being ready for download?

cve
10 |1000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered

DataStax Enterprise has code for Log4j 1.x but it's not in use so DSE is not affected by (not vulnerable to) CVE-2021-45105 as stated in the advisory you linked.

DSE like open-source Apache Cassandra uses logback so there will be no change to Log4j in DSE. Cheers!

Share
10 |1000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.