A vulnerability in Java has been notified to us by GCP that this affects all services using Apache Beam SDK 2.31.0 or older. Second Log4j vulnerability discovered, patch already released | ZDNet
Is this something in the roadmap to be mitigated in the near future since the beam enrich service utilizes Dataflow and the Apache Beam SDK?
Hi @brajjany ,
Yes we are on top of it, we will release a new version of Beam Enrich with the fix today or tomorrow.
Please note that Beam Enrich is going to be deprecated next month, in favor of enrich-pubsub.
Beam Enrich has just been updated to v2.0.4: Enrich 2.0.4 released
I see, I think I must have missed this part! Is there anything to keep in mind in particular when migrating to the JVM instead?
Nothing that I can think of.
If the page is missing some details please let us know so that we can improve it.