CVE_2021_44228 - Handling the LOG4J Lookups Critical Vulnerability for Qlik Catalog
The following two configuration changes may be used to disable the expression evaluation feature of log4j2, and can immediately be applied to single-node Catalog May 2021 through Nov 2021, or any version of multi-node Catalog where log4j2 is on the cluster vendor's Hadoop classpath:
Before proceeding, check the first page of Catalog 4.x fix with Log4j 2.17.0. It's highly recommended to apply the fix. However, if you're not ready for the upgrade and you wish to mitigate the vulnerabilities manually, then proceed with the steps below.