Here you can find the latest information on user documentation, functional descriptions and fixed bugs.
Mediation Zone
User Documentation, Release Information and more
Usage Engine - Private Edition
User Documentation, Release Information and more
Usage Engine - Cloud Edition
User Documentation, Release Notes and Tutorials
Important Information to all MediationZone Users!
On Friday, Dec 10, we became aware of a critical bug in the Apache Log4J2 library which is commonly used for logging purposes in many well-known products.
MZ 8.1
According to our latest analysis (2021-12-14), MZ 8.1.X is not affected by this issue.
MZ 8.2
The DataHub component relies on a Cloudera Impala connector which bundles a vulnerable version of log4j-core. This library use is localized to the DataHub component and, specifically, its data connector. Customers who do not use DataHub in their workflows are not affected.
To customers on MZ 8.2 who use the DataHub component and want to mitigate a potential attack vector, we recommend one of these two options:
Set JVM system property
log4j2.formatMsgNoLookups=true
Set environment variable
LOG4J_FORMAT_MSG_NO_LOOKUPS=true
on the MZ server
We will closely follow our dependencies vendors' updates and watch for any new information regarding all third-party packages we use to make sure we act upon any new information from them once it is made available.
We are working on an ER release to mitigate mentioned DataHub issue and also update the existing log4j-core to the latest maintained version on the current major that includes some security updates.
Last update: 9.56 CET
Support
If you need to get in contact with our Support desk, please see our Support Web User Guide.
blank
blank