The Dataiku installation directory contains log4j 1.2.17. The security team has raised a critical vulnerability regarding this. I know DSS has confirmed that it's not vulnerable to the family of vulnerabilities regarding Log4J. But is it possible to change the log4j jar file to its latest version?
Operating system used: RHEL 7
Hi @suraj1012,
As noted here: https://doc.dataiku.com/dss/latest/security/index.html
DSS has been verified to not be susceptible to any of the log4j attack vectors.
If you want to reduce the noise from the vuln scanners you will need to upgrade to DSS 11.2.0.
Please do not remove or alter the log4j jar file yourself, as this will break DSS.