log4j vulnerability - action plan for clients

pawelmitrus
Contributor

I'm looking for some information regarding log4j vulnerability - if any databricks runtime should be changed manually by the client or when specific update will be applied.

I know I can go through the docs by myself, finding out which log4j library is used in runtimes (and I did), but I'm wondering if there will be any note centrally released/announced?

EDIT: it's not only with regarding to databricks runtime, but also to API calls to Databricks API.

-werners-
Esteemed Contributor III

These topics will give you an answer (especially the first one which is answered by Databricks)

https://community.databricks.com/s/feed/0D53f00001YOOVxCAP

https://community.databricks.com/s/feed/0D53f00001Y5MhTCAV

Prabakar
Databricks Employee
Databricks Employee

Hi @pawelmitrus​ Please go through the blog for further information on the Apache Log4J Vulnerability issue.

Mr_Srinivasa
New Contributor II

Thanks for sharing such important facts. I got the best security service provider website on the internet. They are excellence in the field of security.