Log4j2 Vulnerability Update for Tableau Server and Desktop
by Devin Cook, on December 16, 2021
Have you heard about the Log4j2 Vulnerability? It might be time for a Tableau Server Health Checkup - If you're ready to resolve this issue on your own, keep reading.
Arkatechture is sharing an update from our partner Tableau on remediation steps for the Log4j2 vulnerability CVE-2021-44228. If your organization is using Tableau, take a quick look to make sure you're covered.
Tableau's instructions on the issue can be found here: https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell
For Tableau Desktop and Server, you have the option of upgrading Tableau, or making manual modifications to your systems as detailed in the instructions.
For Tableau Server, these manual modifications involve minimal down time, likely less than 30 minutes.
For Tableau Desktop, we recommend installing the new patched version for your tableau release, linked below.
For Tableau Server
Patched versions for recent releases can be found here:
https://www.tableau.com/support/releases/server/2021.4.1#esdalt
https://www.tableau.com/support/releases/server/2021.3.5#esdalt
https://www.tableau.com/support/releases/server/2021.2.6#esdalt
For Tableau Desktop
Patched release versions are found here:
https://www.tableau.com/support/releases
For Tableau Online
Tableau has indicated that Tableau Online is affected by the vulnerability, and performed scheduled maintenance last evening. https://trust.tableau.com/
We await further information from Tableau on mitigation of this vulnerability for Tableau Online. At this time, Tableau has not advised any change in use of Tableau Online.
Please contact us if you would like assistance with any of these steps, or have any questions.