

CVE-2021-44228 Security Vulnerability Announcement


Tue Dec 14, 2021 9:27 pm

The HPCC Systems team has been made aware that the Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern are vulnerable to a denial-of-service attack. More details can be found on the Apache Log4J 2 website: https://logging.apache.org/log4j/2.x/.

This announcement summarizes the currently known potential impacts to the HPCC Systems platform. At this point, our engineering and security teams have determined that impacts are limited to HPCC4J and the Spark-plugins. The base HPCC Systems Platform does not use or reference Log4j and is not directly affected by the CVE-2021-44228 vulnerability.

Our engineering and security teams continue to actively work on the analysis. Any additional actions our users should perform will be added to this forum post on an ongoing basis until the issue is resolved.
  • The base HPCC Systems Platform does not use or reference Log4j and is not directly affected by the CVE-2021-44228 vulnerability
  • Affected HPCC Systems add-ons referenced vulnerable versions of log4j:
    • HPCC4J/WsClient (affected versions: < 8.4.16, patched versions: 7.12.84-rc2, 8.0.56-rc2, 8.2.40-rc2, 8.4.18-rc2)
    • Spark-HPCC (affected versions: < 8.4.16, patched versions: 7.12.84-rc2, 8.0.56-rc2, 8.2.40-rc2, 8.4.18-rc2)
    • Users are strongly encouraged to update to the latest point release.
  • Helm chart provided by HPCC deploys Elastic Stack components which have been reported to be affected:
jmlorti
 