Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 88 Next »

Here you can find the latest information on user documentation, functional descriptions and fixed bugs.


Important Information to all MediationZone Users!

On Friday, Dec 10, we became aware of a critical bug in the Apache Log4J2 library which is commonly used for logging purposes in many well-known products.

MZ 8.1

According to our latest analysis (2021-12-14), MZ 8.1.X is not affected by this issue.

MZ 8.2

The DataHub component relies on a Cloudera Impala connector which bundles a vulnerable version of log4j-core. This library use is localized to the DataHub component and, specifically, its data connector. Customers who do not use DataHub in their workflows are not affected.

To customers on MZ 8.2 who use the DataHub component and want to mitigate a potential attack vector, we recommend one of these two options:

  • Set JVM system property log4j2.formatMsgNoLookups=true

  • Set environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS=true on the MZ server

We will closely follow our dependencies vendors' updates and watch for any new information regarding all third-party packages we use to make sure we act upon any new information from them once it is made available.

We are working on an ER release to mitigate mentioned DataHub issue and also update the existing log4j-core to the latest maintained version on the current major that includes some security updates.

Last update: 9.56 CET


Support

If you need to get in contact with our Support desk, please see our Support Web User Guide.

blank
blank



  • No labels