15 December, 2021
min reading time
Analytics Domain Lead at Biztory, and DataDev Ambassador. Tableau Iron Viz 2018 Global Champion, Tableau Ambassador 2020-2021, Tableau Certified Consultant & Architect. He runs in his spare time & plays various musical instruments.
Tableau
Snowflake
Fivetran
On Friday December 10, 2021 after CVE-2021-44228 was disclosed, Fivetran’s Engineering and AppSec teams reviewed the Fivetran services to determine if Log4j was used anywhere in our services. This review determined that Log4j is not used by Fivetran’s core services and customer data remains secure.
Patches for Tableau Server and other on-premise products have been released.
All customers should download and install these updates, patched versions as soon as possible. These releases apply to versions 2020.4 through 2021.4. If you're using an older version of Tableau, you must upgrade to one of these more recent versions.
Update: in the light of multiple vulnerabilities having been identified, two subsequent releases of Tableau software have taken place:
If your latest update is the December 15, 2021 release or prior, if it advised to take steps to mitigate both vulnerabilities by updating to the very latest version.
Optionally, to allow for some time to roll out the upgrade, one can consider following Tableau's official mitigation steps as a temporary measure until ready to upgrade to a patched version.
CVE-2021-44228 (also known as the Apache Log4j2 Vulnerability).
Fivetran updates: see official statement above
Analytics Domain Lead at Biztory, and DataDev Ambassador. Tableau Iron Viz 2018 Global Champion, Tableau Ambassador 2020-2021, Tableau Certified Consultant & Architect. He runs in his spare time & plays various musical instruments.
Read more articles of this author