Vendor Patch ExistsCommunity Resources
| Resource | Link |
|---|---|
| source | https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ |
| hotpatch | https://aws.amazon.com/blogs/opensource/hotpatch-for-apache-log4j/ |
Community Notes
| Source | Note |
|---|---|
| NCSC-NL | CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix |
| NCSC-NL | By default not vulnerable, and a new version of Amazon Kinesis Agent which is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j issue in JVM layer is available |
Sources
| Date | Attribution | Description |
|---|---|---|
| 2021-12-27 15:29:04 | NCSC-NL | Updated vendorPatchExists. Updated community note. Updated community link source. Updated community link hotpatch. Updated community note. |