Log4j vulnerability in Java code Dataflow (GCP pipeline)

Hi all,

GCP has notified us of a vulnerability in Java that affects all services using Apache Beam SDK 2.31.0 or older. Second Log4j vulnerability discovered, patch already released | ZDNet

Is this something in the roadmap to be mitigated in the near future, since the Beam Enrich service utilizes Dataflow and the Apache Beam SDK?

Hi @brajjany,

Yes, we are on top of it; we will release a new version of Beam Enrich with the fix today or tomorrow.

Please note that Beam Enrich is going to be deprecated next month, in favor of enrich-pubsub.

Hi @brajjany
Beam Enrich has just been updated to v2.0.4: Enrich 2.0.4 released

I see, I think I must have missed this part! Is there anything to keep in mind in particular when migrating to the JVM instead?

Nothing that I can think of.

If the page is missing some details please let us know so that we can improve it.