cancel
Showing results forย 
Search instead forย 
Did you mean:ย 
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

CVE-2021-44228

herry
New Contributor III

Hi,

Any affect of CVE-2021-44228 problem on Databricks platform?

Is there any action that needs to be done by Databricks customer related to CVE-2021-44228?

6 REPLIES 6

Hubert-Dudek
Esteemed Contributor III

Databricks is still on log4j 1. That alert is related to log4j 2.

-werners-
Esteemed Contributor III

It depends.

The vulnerability in question is CVE-2021-44228.

Log4j 2.0-beta9 to 2.14.1 are vulnerable. With version 2.15.0 the issue is resolved.

So it depends on the version of Log4j you are running.

You can set 'log4j2.formatMsgNoLookups' to 'true' by addubg โ€Dlog4j2.formatMsgNoLookups=Trueโ€ to the cluster startup params.

I do not know the log4j versions per databricks version.

Maybe someone from databricks can tell us which versions are impacted.

Kencorp
New Contributor II

How can I know which version I have?

-werners-
Esteemed Contributor III

on the databricks docs you get an overview of the installed version by databricks-version:

https://docs.databricks.com/release-notes/runtime/releases.html

Select the release you use and then search for 'log4j'.

Of course that is no guarantee, because you can submit your own fat jars with another log4j version included.

If you do not do that, that is not an issue ofc.

Kencorp
New Contributor II

Thank you very much

Hubert-Dudek
Esteemed Contributor III

On most databricks distributions log4j version is 1.2.17

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group