Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Kinesis agent using log4j -zero day vulnerable version

0

Any idea when aws-kinesis-agent will be updated to use log4j 2.15.0 ?

Topics
AnalyticsInternet of Things (IoT)AWS Well-Architected Framework
Tags
Amazon Managed Service for Apache FlinkAmazon KinesisAmazon Kinesis Data StreamsAmazon Data FirehoseSecurity
Language
English
asked 4 years ago430 views
2 Answers
0

Thanks. Anyone has an idea when the update will be pushed to Amazon Linux 2 repo?

answered 4 years ago
0

Version 2.17.1 of log4j is included in the installation of the latest Kinesis Agent on AL2

To verify:

  1. Start an AL2 EC2 instance, then connect to it - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-prerequisites.html#eic-prereqs-network-access
  2. Install git
 sudo yum install git
  1. Download the latest Kinesis Agent project from Github
git clone https://github.com/awslabs/amazon-kinesis-agent.git
  1. Install agent
sudo ./setup --install

Observe log4j-1.2-api-2.17.1.jar is installed. You can also verify by viewing the installation manifest in the pom.xml file at the root of the github project directory.

AWS
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content