By using AWS re:Post, you agree to the Terms of Use

EMR with Log4j 2.17.1

0

Hi, Does EMR have a fix to resolve the issue related to log4j CVE's to upgrade to Log4J 2.17.1. Do you know when will it be available.

asked 9 months ago134 views
1 Answer
0
Accepted Answer

Hi @jayaram

Yes there is a fix, you need to set up an EMR bootstrap action to run the provided script for the EMR version as described in Approach to mitigate CVE-2021-44228

answered 9 months ago
EXPERT
reviewed 9 months ago
  • Can you provide details on this specific CVE : 2021-44832 This one is reffering to all the 2.x versions. Can you let me know when will the patch be available for this?

  • @jayaram CVE : 2021-44832 should only impact Apache Log4j2 versions 2.0-beta7 through 2.17.0 and the resolution is : This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. https://nvd.nist.gov/vuln/detail/CVE-2021-44832

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions