![]() ![]() ![]() EMR clusters launched with EMR 5 and EMR 6 releases include open source frameworks such as Apache Hive, Apache Flink, HUDI, Presto, and Trino, which use these versions of Apache Log4j. We recommend customers evaluate components of their environment which are outside of the Amazon Connect service boundary (such as Lambda functions that are called from contact flows) which may require separate/additional customer mitigation.Īmazon Chime SDK services have been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046.Īmazon Chime services have been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046.ĬVE-2021-44228 impacts Apache Log4j versions between 2.0 and 2.14.1 when processing inputs from untrusted sources. If you need additional details or assistance, please contact AWS Support.Īmazon Connect has been updated to mitigate the issues identified in CVE-2021-44228. No further service-specific updates are required after this final bulletin. Įven with this hot patch deployed, customers should still deploy an updated Log4j library as quickly as they safely can, like we’re doing across AWS.įor more details on how to detect and remediate the Log4j CVEs using AWS services, please read our most recent blog post here. More information about the Java hotpatch is available at. We will shortly complete our deployment of the updated Log4j library to all of our services. The hot patch updates the Java VM to disable the loading of the Java Naming and Directory Interface (JNDI) class, replacing it with a harmless notification message, which mitigates CVE-2021-44228 and CVE-2021-45046. ![]() We've taken this issue very seriously, and our world-class team of engineers has fully deployed the Amazon-developed Java hot patch available here to all AWS services. ![]() Responding to security issues such as this one shows the value of having multiple layers of defensive technologies, which is so important to maintaining the security of our customers’ data and workloads. AWS is aware of the recently disclosed issues relating to the open-source Apache “Log4j2" utility (CVE-2021-44228 and CVE-2021-45046). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2023
Categories |