Vendor Resources

Resource	Link
Update for Apache Log4j2 Issue (CVE-2021-44228)	https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Community Resources

Resource	Link
Update for Apache Log4j2 Issue (CVE-2021-44228)	https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Community Notes

Source	Note
NCSC-NL	CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL	We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher)
CISAGov	We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher)
CISAGov	Last Update: 12/14/2021

Sources

Date	Attribution	Description
2021-12-31 9:06:53	NCSC-NL	Updated vendorPatchExists. Updated community note. Updated community link Update for Apache Log4j2 Issue (CVE-2021-44228). Updated community note.
2021-12-30 21:31:50	CISAGov	Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link Update for Apache Log4j2 Issue (CVE-2021-44228). Updated community note. Updated community note.