CVE-2021-44228

herry
New Contributor III

Hi,

Any effect of the CVE-2021-44228 problem on the Databricks platform?

Is there any action that needs to be done by Databricks customers related to CVE-2021-44228?

Accepted Solutions

Kaniz
Community Manager

Hi @Herry Ramli, please go through the blog for more information regarding the issue stated by you.

8 REPLIES

Hubert-Dudek
Esteemed Contributor III

Databricks is still on log4j 1. That alert is related to log4j 2.

-werners-
Esteemed Contributor III

It depends.

The vulnerability in question is CVE-2021-44228.

Log4j 2.0-beta9 to 2.14.1 are vulnerable. With version 2.15.0 the issue is resolved.

So it depends on the version of Log4j you are running.

You can set 'log4j2.formatMsgNoLookups' to 'true' by adding '-Dlog4j2.formatMsgNoLookups=True' to the cluster startup params.

I do not know the log4j versions per databricks version.

Maybe someone from databricks can tell us which versions are impacted.

Kencorp
New Contributor II

How can I know which version I have?

-werners-
Esteemed Contributor III

On the Databricks docs you get an overview of the installed version by databricks-version:

https://docs.databricks.com/release-notes/runtime/releases.html

Select the release you use and then search for 'log4j'.

Of course that is no guarantee, because you can submit your own fat jars with another log4j version included.

If you do not do that, that is not an issue ofc.
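
An added example, not part of the thread or of any Databricks tooling: one way to check a jar you submit yourself, including jars nested inside a fat jar, for a bundled log4j and compare its version with the range quoted above (2.0-beta9 to 2.14.1). It assumes the jar still carries its Maven `pom.properties` metadata; the function names and the nesting limit of three levels are choices made for this sketch.

```python
import io
import re
import zipfile

# Maven metadata entries that record which log4j artifact and version a jar bundles.
POM_PATHS = {
    "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties": "log4j-core",
    "META-INF/maven/log4j/log4j/pom.properties": "log4j 1.x",
}
STAGES = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # None means a final release
LOW, HIGH = (2, 0, 0, 1, 9), (2, 14, 1, 3, 0)  # thread's range: 2.0-beta9..2.14.1

def version_key(version):
    """Turn '2.0-beta9' or '2.14.1' into a sortable tuple; None if unparseable."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$", version)
    if not m:
        return None
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch or 0), STAGES[stage], int(num or 0))

def in_quoted_range(artifact, version):
    key = version_key(version)
    return artifact == "log4j-core" and key is not None and LOW <= key <= HIGH

def scan_jar(data, name, depth=0):
    """List (location, artifact, version, in_range) for jar bytes, nested jars included."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    findings = []
    with archive:
        for entry in archive.namelist():
            if entry in POM_PATHS:
                m = re.search(r"^version=(.+)$", archive.read(entry).decode("utf-8", "replace"), re.M)
                version = m.group(1).strip() if m else "unknown"
                hit = in_quoted_range(POM_PATHS[entry], version)
                findings.append((name, POM_PATHS[entry], version, hit))
            elif entry.lower().endswith(".jar") and depth < 3:  # fat-jar contents
                findings += scan_jar(archive.read(entry), f"{name}!/{entry}", depth + 1)
    return findings

def make_jar(files):
    """Build an in-memory jar from {path: content}; for constructed test samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, content in files.items():
            z.writestr(path, content)
    return buf.getvalue()
```

To check a real file, pass its bytes: `scan_jar(open(path, "rb").read(), path)`. An empty result is not proof of absence when a shaded jar has dropped its Maven metadata, and any hit should be confirmed against the Apache advisory for that exact release.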

Kencorp
New Contributor II

Thank you very much

Hubert-Dudek
Esteemed Contributor III

On most databricks distributions log4j version is 1.2.17

Kaniz
Community Manager

Hi @Julie Mullins, would you like to reply?
