Log4j vulnerabilities in snowplow/rdb-loader-redshift

Kristina_Pianykh · August 7, 2023, 6:45am

Dear Snowplow team,

I would like to point out some vulnerabilities caused by the version of Log4j currently used in the Docker image snowplow/rdb-loader-redshift.

Current version Lof4j: 1.2.17
More on the reported vulnerabilities:

Is it possible to update it? Would highly appreciate a response and keep up the good work!

josh · August 8, 2023, 3:26am

Hi @Kristina_Pianykh our internal code scanning system had flagged this up already but thanks for also raising a warning on it! All critical CVEs are high priority for the team to tackle but will get this thread updated when new assets for the RDB Loader project are out without this issue.

istreeter · August 10, 2023, 10:26am

Hi @Kristina_Pianykh this got addressed in RDB loader 5.7.1

Kristina_Pianykh · August 17, 2023, 1:25pm

Many thanks for resolving it!

Topic		Replies	Views
RDB Loader 5.3.2 released New releases	0	759	March 8, 2023
RDB Loader 6.0.0 released New releases	0	145	March 25, 2024
Snowplow RDB Loader R31 released New releases	7	1446	October 1, 2019
RDB Loader Fargate task stopped, log stream still running Storage targets	0	768	November 10, 2021
Snowplow RDB Loader 3.0.0 released New releases	4	2015	May 3, 2022

Log4j vulnerabilities in snowplow/rdb-loader-redshift

Related Topics