Log4j vulnerabilities in snowplow/rdb-loader-redshift

Dear Snowplow team,

I would like to point out some vulnerabilities caused by the version of Log4j currently used in the Docker image snowplow/rdb-loader-redshift.

Current version Lof4j: 1.2.17
More on the reported vulnerabilities:

Is it possible to update it? Would highly appreciate a response and keep up the good work!

Hi @Kristina_Pianykh our internal code scanning system had flagged this up already but thanks for also raising a warning on it! All critical CVEs are high priority for the team to tackle but will get this thread updated when new assets for the RDB Loader project are out without this issue.

1 Like

Hi @Kristina_Pianykh this got addressed in RDB loader 5.7.1


Many thanks for resolving it!:pray:

1 Like