Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2021-44228 Log4J security vulnerability #2

Open
mmalohlava opened this issue Feb 15, 2022 · 1 comment
Open

CVE-2021-44228 Log4J security vulnerability #2

mmalohlava opened this issue Feb 15, 2022 · 1 comment

Comments

@mmalohlava
Copy link
Member

H2O-3: Latest version of h2o from PyPI  (3.34.0.3) contains a vulnerable version of log4j (2.14.1) Also 3.34.0.4 release of http://h2o-release.s3.amazonaws.com/h2o/rel-zizler/4/index.html contains vulnerable version 2.14.1 of log4j. H2O versions starting with 3.32.1.7 up to 3.34.0.4 are affected in the standalone version.  Hadoop deployments and Sparkling Water deployments are not affected. H2O clusters or instances deployed in accordance with our security guidelines ​​https://docs.h2o.ai/h2o/latest-stable/h2o-docs/security.html are only technically affected (only the person owning the cluster can trigger the attack). DAI 1.10.1 affected and older versions? HAIC MLops Feature Store Steam - uses 1.2.16 - NOT affected Puddle - NOT affected

 

 


@mmalohlava mmalohlava added this to the test milestone Feb 15, 2022
@mmalohlava
Copy link
Member Author

Comment from Freshservice:
Freshservice: 8 linked successfully.
Freshservice: #8
By: Michal Malohlava <[email protected]>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant