New Zero-Day Vulnerability in Log4j
DataSunrise is aware of the recent disclosure of security issue related to the open-source Apache Log4j (CVE-2021-44228). DataSunrise team is actively monitoring this issue, even though DataSunrise product has not been affected.
Hereby we confirm that the DataSunrise software was not affected by this security incident. The version of Log4j that is included in DataSunrise has not been impacted by this security issue.
The previous version of DataSunrise included the HDFS library that contains the Log4j library. This module is used ONLY for Static Masking on Hive and Impala. All other functionalities do not use this library.
This exploit affects Log4j versions 2.0-2.14.1. The library of Log4j from HDFS that was included in previous version of DataSunrise is of an earlier version, 1.2. So you do not need to take any actions using our product.
We encourage you to check all your environments that contain Log4j and update it to the latest version that is available here: logging.apache.org/log4j/2.x/download.html.
If you need any additional details or help, please contact DataSunrise Support.