Bringing together the Apache Cassandra experts from the community and DataStax.

Want to learn? Have a question? Want to share your expertise? You are in the right place!

Not sure where to begin? Getting Started

 

question

cherrmann avatar image
cherrmann asked Erick Ramirez answered

When will Log4j in DSE be upgraded to 2.17.0?

Hi team, in the advisory dated 20 Dec, 2021, it states that Datastax "is now in the process of upgrading and verifying the upgrade to Log4j 2.17.0."

What is the time frame on this upgrade being ready for download?

cve
10 |1000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered

DataStax Enterprise has code for Log4j 1.x but it's not in use so DSE is not affected by (not vulnerable to) CVE-2021-45105 as stated in the advisory you linked.

DSE like open-source Apache Cassandra uses logback so there will be no change to Log4j in DSE. Cheers!

Share
10 |1000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.