Summary
To remediate the potential impact of CVE-2021-44228, the Apache security issue affecting Apache Log4j2 versions 2.0 through 2.14.1 (note: Log4j 1.x is not affected), AtScale recommends that all customers running 2020.4.0 or later execute the procedures in this document.
Impacted AtScale Software Versions
CVE-2021-44228 impacts all versions of AtScale software.
Note: This document applies to AtScale versions 2020.4.0 and greater. Customers running AtScale versions earlier than 2020.4.0 should open a case with AtScale Technical Services for additional instructions.
AtScale Software Versions Covered by this Document:
- 2021.3.0, 2021.3.1
- 2021.2.0
- 2021.1.0, 2021.1.1
- 2020.5.0, 2020.5.1, 2020.5.2
- 2020.4.0, 2020.4.1
For other AtScale versions, please open a case with AtScale Technical Support for additional instructions.
In addition:
- Customers running AtScale version 2021.1, 2021.2, or 2021.3 and using the AtScale Impala Driver to connect to an Impala SQL engine will need an updated driver from AtScale. Please open a case with AtScale Technical Support for additional instructions if this scenario applies to you.
- Customers connecting to a Databricks Data Warehouse will need an updated driver from AtScale. Please open a case with AtScale Technical Support for additional instructions if this case applies to you.
Requirements
This procedure contains a script that can be executed on AtScale nodes to detect and remove files impacted by CVE-2021-44228. To run this script, the following Linux packages will need to be present or installed:
- zip
- awk
- sed
- unzip
The script checks for the presence of these packages and will not execute if any of them is not installed.
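The vendor script is obtained through the download link and is not reproduced on this page. As an added illustration (not AtScale's script), the following shows a pre-flight check for the listed tools and a file-name inventory of log4j-core JARs against the 2.0 through 2.14.1 range; the function names, the script name and the `<install-dir>` argument are assumptions.

```shell
#!/bin/sh
# Added example (not AtScale's script). Function names are assumptions.

# Print each required tool that is not on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Classify one JAR by file name against the advisory's range (2.0 through 2.14.1).
# Prints "affected", "outside-range", or "unrecognized" when the name is not
# log4j-core-<version>.jar (Log4j 1.x JARs such as log4j-1.2.17.jar land here).
classify_jar() {
    ver=$(basename "$1" | sed -n 's/^log4j-core-\([0-9][0-9.]*\)\.jar$/\1/p')
    [ -n "$ver" ] || { echo "unrecognized"; return 0; }
    printf '%s\n' "$ver" | awk -F. '{
        hit = ($1 + 0 == 2 && ($2 + 0 < 14 || ($2 + 0 == 14 && $3 + 0 <= 1)))
        print (hit ? "affected" : "outside-range")
    }'
}

# List every log4j-core JAR under a directory with its classification.
# Limitation: file names only; copies bundled inside other archives are not seen.
scan_dir() {
    find "$1" -type f -name 'log4j-core-*.jar' 2>/dev/null |
    while IFS= read -r jar; do
        printf '%s %s\n' "$(classify_jar "$jar")" "$jar"
    done
}

# Run as: sh log4j_inventory.sh <install-dir>   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    # Mirror the documented pre-flight: stop if a listed package is absent.
    missing=$(missing_tools zip awk sed unzip)
    if [ -n "$missing" ]; then
        echo "missing required tools:" $missing >&2
        exit 1
    fi
    scan_dir "$1"
fi
```

A result of "outside-range" only means the file name's version is not within 2.0 through 2.14.1; it is not a statement about other advisories.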
PRE-CHECK before running the log4jfix script
Please review the following before running the log4jfix script in your AtScale environment:
Step 1: Check to ensure your AtScale Environment is running AtScale version 2020.4.0 or greater.
- If YES, you are running AtScale 2020.4 or greater, proceed to Step 2.
- If NO, and you are running an older release of AtScale, then STOP. Please open a case with AtScale support for further instructions.

Step 2: If:
- If YES, and you are using an Impala driver to connect to Impala, STOP. Please open a case with AtScale support for further instructions. AtScale Support will need to provide you with a new, updated driver.
- If NO, and you are NOT using a connection to Impala or your connection to Impala is using a different driver (most customers use a hiveserver2 driver), proceed to Step 3.

Step 3: If you are connecting AtScale to a Databricks Data Warehouse
- If YES, and you are connecting AtScale to a Databricks data warehouse, STOP. Please open a case with AtScale support for further instructions. AtScale Support will need to provide you with a new, updated driver.
- If NO, and you need to connect AtScale to a Databricks data warehouse, proceed to Step 4.
Link to Download the Procedures and Script
Please click on the following link to download the Procedure and Script