AMI updates for log4j2 CVE-2021-44228

As there are multiple Deep Learning AMI with different OS and different configuration, so it will be difficult to identify if resources under your account is impacted or not without getting more information on the detail configuration.

AWS is aware of the recently disclosed security issue relating to the open-source Apache “Log4j2" utility (CVE-2021-44228).

Responding to security issues such as this one show the value of having multiple layers of defensive technologies, which is so important to maintaining the security of our customers data and workloads. We're taking this issue very seriously, and our world-class team of engineers has been working around the clock on our response and remediation. We expect to rapidly restore our full state of defense in depth.

We continue to recommend that our customers take action to update all their applications and services by patching for known issues like this one and continue to follow our well architected guidance.

Additional service-specific information is provided below[1]. If you need additional details or assistance, please contact AWS Support[2].

Reference: [1] https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ [2] https://console.aws.amazon.com/support/home?#/case/create