I came back to this thread to check about: CVE-2021-44832 (this is a NEW vulnerability)    I have been notified by my internal IT Security that the impacted file versions listed in the CVE exist on the UI servers in my environment. We just updated to 5.5.50 on 3/18/2022 and the version impacted is still showing three files: log4j-1.2-api-2.17.0.jar log4j-api-2.17.0.jar log4j-core-2.17.0.jar  at the following path:  Program Files\BDNA\User Console\Solution\system\kettle\plugins\elasticsearch-bulk-insert-plugin\lib   At what point whould we expect a patch that will remediate this to the recommended version of 2.17.1? Or is the expected remediation to manually replace these files on the server vs. through console version update/patching?   ... View more

Do we have an ETA on a patch for Data Platform and Technopedia for Potential Exposure to CVE-2021-4104?  My security department is riding me pretty hard about this.  ... View more