The recent announcement and release of 0-day exploits for these issues makes this an important and highly visible topic. Based on a thorough review Bright Cluster Manager itself and the core integrations are unaffected by this bug.
We strongly suggest customers review the workloads and services they are running. If any of those workloads are based on java or tomcat please consult directly with those vendors to ensure they are not affected.
| Product | Vulnerable? |
|---|---|
| Bright Cluster Manager | Not Applicable |
| Hadoop | log4j v1 – not vulnerable |
| Spark 2.4.1 | log4j v1 – not vulnerable |
| cm-elk-setup | log4j v1 – not vulnerable |
| pgi ( nvidia plugin ) | log4j jar does not contain vulnerable class |
| cuda ( visual tools ) | log4j jar does not contain vulnerable class |
We will continue to review older and deprecated packages to confirm that none are affected by these vulnerabilities.