EMR with Log4j 2.17.1


Hi, does EMR have a fix to resolve the issue related to the Log4j CVEs, to upgrade to Log4j 2.17.1? Do you know when it will be available?

asked 9 months ago, 134 views
1 Answer
Accepted Answer

Hi @jayaram

Yes, there is a fix: you need to set up an EMR bootstrap action to run the provided script for the EMR version, as described in "Approach to mitigate CVE-2021-44228".

answered 9 months ago
reviewed 9 months ago
  • Can you provide details on this specific CVE: CVE-2021-44832? This one is referring to all the 2.x versions. Can you let me know when the patch will be available for this?

  • @jayaram CVE-2021-44832 should only impact Apache Log4j2 versions 2.0-beta7 through 2.17.0, and the resolution is: "This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2."
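
To confirm what a cluster node actually carries after the bootstrap action has run, the version range quoted in the last comment can be checked against the `log4j-core` jars on disk. This is an added example, not part of the thread and not the AWS-provided script; the directory arguments are assumptions, and it goes slightly beyond the thread by walking a directory tree rather than checking a single version.

```python
import re
import sys
from pathlib import Path

# Versions from the comment above: CVE-2021-44832 affects 2.0-beta7 through
# 2.17.0 and is fixed in 2.17.1, 2.12.4 and 2.3.2.
FIXED_BACKPORTS = {(2, 12, 4), (2, 3, 2)}
FIRST_FIXED = (2, 17, 1)
JAR_RE = re.compile(
    r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$")


def classify(jar_name):
    """Return 'fixed', 'affected', 'not-in-range' or 'unknown' for a jar name."""
    m = JAR_RE.search(jar_name)
    if not m:
        return "unknown"  # unrecognised naming (e.g. vendor suffix): inspect by hand
    version = (int(m[1]), int(m[2]), int(m[3] or 0))
    pre, pre_n = m[4], int(m[5] or 0)
    if version[0] != 2:
        return "not-in-range"
    # 2.0 pre-releases older than beta7 precede the affected range.
    if version == (2, 0, 0) and (pre == "alpha" or (pre == "beta" and pre_n < 7)):
        return "not-in-range"
    if version in FIXED_BACKPORTS or version >= FIRST_FIXED:
        return "fixed"
    return "affected"


def scan(root):
    """Map each log4j-core jar under root to its classification.

    Filename-based only: Log4j classes repackaged inside fat or shaded
    jars are not detected and need a separate content check.
    """
    return {str(p): classify(p.name)
            for p in sorted(Path(root).rglob("log4j-core-*.jar"))}


if __name__ == "__main__":
    # Assumed usage: python3 check_log4j.py <dir> [<dir> ...]
    for root in sys.argv[1:] or ["."]:
        for path, status in scan(root).items():
            print(f"{status:13} {path}")
```

Any jar reported as `affected` or `unknown` after the bootstrap action has run is worth checking by hand before the cluster is treated as remediated.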
