We have released version 2.0.4 of Enrich, upgrading dependencies to address the recently identified Log4j 2 vulnerability (CVE-2021-44228).
The main highlights of this release are:
- Fix the version of
log4j-core(used only insnowplow-stream-enrich-nsq) to 2.16.0. - Bump the version of Beam to 2.33.0, as advised by GCP.
- Bump the version of KCL to 1.14.5, as advised by AWS.
We have also bumped other dependencies to ensure we’re on latest versions.
2.0.4 images can be pulled from Docker Hub.
For the full list of changes and jar files, see the release notes: