Security Advisory - v1.59.11

We are pleased to inform you of the general availability of Matillion ETL v1.59.11. This hotfix release resolves all known vulnerabilities associated with log4j as originally reported in CVE-2021-44228 and CVE-2021-45046.

Matillion ETL 1.59.11 utilizes Log4j v2.17 (and no other versions of Log4j) which at time of writing does not include any known vulnerabilities.

In our service bulletin update from 13 Jan 2021 we indicated that the updated Apache Spark JDBC driver contained an unused version of log4j 1.x. We have now received an updated driver where this has been removed. This updated driver has been included in hotfix release 1.59.11 of Matillion ETL, which means 1.59.11 now includes no version of log4j apart from 2.17.

We recommend all customers upgrade to METL 1.59.11. All future releases of Matillion ETL will continue to incorporate safe versions of log4j.

We wish to thank our customers and partners for their contributions to help us resolve this issue quickly.