Below you will find the status information for each product and service within Collibra Data Intelligence Cloud.
Last updated on: December 2nd, 2022 at 1:30PM EST
You may be experiencing connectivity issues with Edge sources at this time. We’ve identified the issue and have a workaround available for you to deploy. Please contact Collibra Support by opening a case and our support team will work with you to resolve the issue.
Regions Affected: All
Deployments Affected: Selected Recently Migrated Deployments
CSP: All
Symptom(s): Edge capability degradation or unavailability.
Incident Start Time: Nov 23, 2022
Incident End Time: 12:00 Noon ET Nov 29, 2022
Recommendations:
There is currently no impact to the overall platform (CDIC/DGC).
Last updated on: November 28th, 2022 at 3:00 PM EST
Apache recently issued a security notice disclosing an identity authentication bypass vulnerability (CVE-2022-40664) in Apache Shiro versions earlier than 1.10.0.
Apache Shiro could allow a remote attacker to bypass security restrictions when forwarding or including via RequestDispatcher. A remote attacker can send a specially crafted HTTP request to bypass the authentication process and gain unauthorized access to the application.
Collibra does not use forwarding or including via RequestDispatcher in its source code, and is therefore not vulnerable to this issue.
Although Collibra does not use the vulnerable functionality in its products, Collibra nevertheless plans to upgrade Apache Shiro to a non-vulnerable version in a Collibra release during Q1 2023.
Last updated on: June 10th, 2022 at 3:30 PM EST
AWS notified Collibra of a period of service degradation between 18:01 PDT and 21:25 PDT on 6/9/22 impacting only AWS service APIs in the US-EAST-1 region. Collibra Cloud Operations did not detect service degradation on Collibra environments in this region during that timeframe. However, if you believe your environment was impacted, please open a Support ticket referencing this incident for further follow-up.
This is the publicly available AWS communication that CloudOps received: 6:01 PM PDT on 6/9/22, we experienced elevated error rates and latencies for AWS services within the US-EAST-1 Region. The issue affected AWS service APIs, with no impact to data plane services such as EC2 instances, EBS volumes, or Elastic Load Balancers. We started to see recovery at 7:55 PM PDT and were fully recovered by 9:25 PM PDT. The issue has been resolved and the service is operating normally.
Last updated on: April 8th, 2022 at 5:00 PM EST
Collibra is committed to ensuring transparency and trust. To that end, we proactively monitor and respond to threats that might impact our products and services.
Collibra is aware of the vulnerabilities involving Spring4Shell, comprising CVE-2022-22965 and CVE-2022-22963. CVE-2022-22965 involves vulnerabilities impacting Spring WebMVC and Spring WebFlux applications running on Java 9 and later and exposes the applications to the possibility of remote code execution (RCE). CVE-2022-22963 impacts the Spring Expression Language (SpEL) and can expose applications to the possibility of remote code execution (RCE).
We are continuously monitoring and evaluating these vulnerabilities.
Based on initial review of Collibra products, the impact assessment is as follows:
Product - GA Only | Impacted by CVE-2022-22965 | Impacted by CVE-2022-22963 |
---|---|---|
Collibra Data Intelligence Cloud (DGC) | No | No |
DGC On-Premise | No | No |
Collibra Data Governance | No | No |
Collibra Data Privacy | No | No |
Collibra Data Catalog | No | No |
Collibra Data Lineage | No | No |
Collibra Data Quality, On-Premises | No | No |
Collibra Data Quality, Cloud | No | No |
Collibra Insights | No | No |
Collibra Edge | No¹ | No |
Collibra Job Server, On-Premise | No | No |
Collibra Job Server, Cloud | No | No |
Collibra has conducted an initial review of the key third party software embedded in our product offerings and found no impact from Spring4Shell vulnerabilities.
An update to this incident will be posted if there is a change to the status.
Last updated on: January 19, 2022 at 5:00 PM EST
Collibra is aware of the vulnerabilities with Apache Log4j, a Java logging library. As Collibra Security continues to monitor our software and systems for any impact from this vulnerability, the status below may change. Please continue to monitor this page for our latest updates.
Apache Log4j vulnerabilities as designated by Mitre:
CVE ID | Date Discovered |
---|---|
CVE-2021-44228 | December 10, 2021 |
CVE-2021-45046 | December 14, 2021 |
CVE-2021-45105 | December 18, 2021 |
After a comprehensive review of Collibra products, Collibra identified that Collibra Data Quality was impacted, and a patch to fix the vulnerability was issued on December 11, 2021. Through our further assessments, it was determined that none of the Collibra proprietary software code within Collibra Data Intelligence Cloud (formerly DGC) uses vulnerable versions of Log4j (versions 2.0 to 2.14.1).
We are continuing to assess third party software and libraries related to CVE-2021-44228 and are completing the necessary updates. In the interim, we are actively developing and providing mitigations to protect our customers.
Collibra is aware of the vulnerability related to Apache Log4j 2.15.0. Please see below the status of Collibra products and third party software impacted and solutions provided.
Collibra has assessed the impact on its third party software, Elasticsearch, against the newly found vulnerability in Log4j version 2.16.0, CVE-2021-45105. Please see below the status of third party software impacted and solutions provided.
Recommendation: The current guidance to customers is to continue to implement the patch made available for their applicable DGC on-premises versions using the guidance for Elasticsearch below. The patch remediates the risk from the identified vulnerabilities CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. Your vulnerability scanners may produce false positive results indicating your systems are vulnerable due to the inclusion of Log4j versions below 2.17; however, the recommended patches from Collibra will protect against the currently described CVEs.
We are continuing to assess third party software and libraries related to Log4j and will update information here as needed.
The below tables contain our most up-to-date guidance on our products.
Product - GA Only | Impacted by CVE-2021-44228 | Impacted by CVE-2021-45046 | Impacted by CVE-2021-45105 |
---|---|---|---|
Collibra Data Intelligence Cloud | No | No | No |
DGC On-Premises | No | No | No |
Collibra Data Governance | No | No | No |
Collibra Data Privacy | No | No | No |
Collibra Data Catalog | No | No | No |
Collibra Data Lineage | No | No | No |
Collibra Data Quality, On-Premises | Yes, fix complete (see instructions) | Yes, fix complete (see instructions) | Yes, fix complete (see instructions) |
Collibra Data Quality, Cloud | Yes, fix complete (no action required) | Yes, fix complete (no action required) | Yes, fix complete (no action required) |
Collibra Insights | No | No | No |
Collibra Edge | No¹ | No¹ | No¹ |
Collibra Job Server, On-Premises | No² | No² | No² |
Collibra Job Server, Cloud | No² | No² | No² |
Collibra is currently evaluating third party software embedded in our product offerings and further updates will be provided as more is known.
We have determined the following third party software are impacted:
Third Party Software | Collibra Product Impacted | Fix Status |
---|---|---|
Elasticsearch, On-Premises | DGC On-Premises, any version earlier than 5.7.10 | Complete: Manual patch process. Elasticsearch 6.8.14 to 7.12.2. See Linux instructions. See Windows instructions. |
Elasticsearch, On-Premises | DGC On-Premises 5.7.11-1 | Complete: Standard patch process. Elasticsearch 7.16.1 (release notes). Note: Please follow the standard installation process. |
Elasticsearch, On-Premises | DGC On-Premises 5.7.10-2 | Complete: Standard patch process. Elasticsearch 7.16.1 (release notes). Note: Please follow the standard installation process. |
Elasticsearch, On-Premises | DGC On-Premises 5.7.11-2 | Complete: Standard patch process. Elasticsearch 7.16.2 (contains log4j 2.17.0) (release notes). Note: Please follow the standard installation process. |
Elasticsearch, On-Premises | DGC On-Premises 5.7.10-3 | Complete: Standard patch process. Elasticsearch 7.16.2 (contains log4j 2.17.0) (release notes). Note: Please follow the standard installation process. |
Elasticsearch, Cloud | Collibra Data Intelligence Cloud 2021.11 to 2021.04 | Completed on Dec. 13, 2021: Remediated Elasticsearch versions 6.8.14 to 7.12.1 |
Elasticsearch, Cloud | Collibra Data Intelligence Cloud 2021.09.3 | Completed on Dec. 22 and 23, 2021: Standard cloud deployment. Elasticsearch 7.16.1 (release notes) |
Elasticsearch, Cloud | Collibra Data Intelligence Cloud 2021.09.4 | Completed on Jan. 16, 2022: Standard cloud deployment. Elasticsearch 7.16.2 (contains log4j 2.17.0) (release notes) |
Elasticsearch, Cloud | Collibra Data Intelligence Cloud 2021.10.2 | Completed on Dec. 19, 2021: Standard cloud deployment. Elasticsearch 7.16.1 (release notes) |
Elasticsearch, Cloud | Collibra Data Intelligence Cloud 2021.10.3 | Completed on Jan. 16, 2022: Standard cloud deployment. Elasticsearch 7.16.2 (contains log4j 2.17.0) (release notes) |
Elasticsearch, Cloud | Collibra Data Intelligence Cloud 2021.11.2 | Completed on Dec. 19, 2021: Standard cloud deployment. Elasticsearch 7.16.1 (release notes) |
Elasticsearch, Cloud | Collibra Data Intelligence Cloud 2021.11.3 | Completed on Jan. 9, 2022: Standard cloud deployment. Elasticsearch 7.16.2 (contains log4j 2.17.0) (release notes) |
Mulesoft | Collibra Connect | Complete: Instructions provided by Mulesoft |
Please navigate to Collibra Marketplace for updates, fixes and new releases related to any potential Log4j vulnerabilities.
Please consult your Customer Success Manager or the Collibra contact you are working with on the beta test.
Collibra Security strongly recommends that customers follow best practices within their own environments for mitigations and workarounds to protect their applications.
Customers should also check whether any other (non-Collibra) software they are running may be impacted and check in with applicable vendors for available patches.
Collibra Security will continue to provide updates as necessary on this webpage.
Further updates to this incident will be posted as needed.
¹Collibra Edge includes log4j-*.jar libraries. However, the vulnerability is neutralized because log4j-core is not included. Please note that vulnerability scanning tools may report false positives as a result.
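The footnote's distinction between log4j-*.jar files and log4j-core can be checked by looking at class contents instead of file names. The following is an added example, not Collibra's code or tooling: the sample jars are constructed in memory, and the verdict names and helper functions are hypothetical.

```python
import io
import zipfile

# Class paths inside the real Log4j 2 artifacts.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
CORE_PREFIX = "org/apache/logging/log4j/core/"
API_CLASS = "org/apache/logging/log4j/Logger.class"
# Verdict names are hypothetical, ordered from least to most concerning.
RANK = ["no-log4j2", "api-only", "core-jndi-removed", "core-with-jndi"]

def classify_jar(data: bytes, depth: int = 0) -> str:
    """Classify an archive by which Log4j 2 classes it actually contains."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = jar.namelist()
        if JNDI_LOOKUP in names:
            verdict = "core-with-jndi"      # still needs a version/patch check
        elif any(n.startswith(CORE_PREFIX) for n in names):
            verdict = "core-jndi-removed"   # core present, lookup class stripped
        elif API_CLASS in names:
            verdict = "api-only"            # the footnote's false-positive case
        else:
            verdict = "no-log4j2"
        # Fat jars and wars embed other jars: keep the worst nested verdict.
        for n in names:
            if depth < 3 and n.endswith((".jar", ".war")):
                try:
                    nested = classify_jar(jar.read(n), depth + 1)
                except zipfile.BadZipFile:
                    continue
                verdict = max(verdict, nested, key=RANK.index)
    return verdict

def make_jar(entries: dict) -> bytes:
    """Build a constructed in-memory jar (sample data, not real Log4j)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in entries.items():
            z.writestr(name, content)
    return buf.getvalue()

# Constructed samples standing in for files a scanner flagged by name.
API_JAR = make_jar({API_CLASS: b""})
CORE_JAR = make_jar({API_CLASS: b"", JNDI_LOOKUP: b"", CORE_PREFIX + "Logger.class": b""})
STRIPPED_JAR = make_jar({CORE_PREFIX + "Logger.class": b""})
FAT_JAR = make_jar({"app/Main.class": b"", "BOOT-INF/lib/logging.jar": CORE_JAR})

def triage(findings: dict) -> dict:
    """Map each flagged file name to its verdict."""
    return {name: classify_jar(data) for name, data in findings.items()}

if __name__ == "__main__":
    print(triage({"log4j-api.jar": API_JAR, "app.jar": FAT_JAR}))
```

A "core-with-jndi" verdict only means the class is present, so the version and vendor patch status still decide exposure. Shaded jars that relocate the package path are not detected by this check.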
Incident date (UTC) | Severity | Summary | Resolution date (UTC) |
---|---|---|---|
Jan 05, 2022 at 12:25 | | MI-20230105: Collibra engineers identified and remediated an issue impacting non-production Cloud instance DNS records. | Jan 05, 2022 at 13:13 |
Nov 11, 2022 at 02:09 | | MI-20221111: Collibra engineering identified and resolved an issue with non-production instances on 2022.11 being intermittently inaccessible. | Nov 11, 2022 at 10:00 |
Oct 16, 2022 at 23:00 | | MI-20221016: Collibra engineering identified and resolved an issue with some non-prod Cloud instances becoming inaccessible. | Oct 17, 2022 at 02:00 |
Products | Americas (North, Central and South) | EMEA (Europe, Middle East and Africa) | APAC (Asia Pacific) | GovCloud (US East) |
---|---|---|---|---|
Data Governance | ||||
Data Catalog | ||||
Data Classification | ||||
Data Lineage | ||||
Metadata Connectors | ||||
Insights Data Access | ||||
Data Privacy |
*Note: the status above indicates availability of the majority of environments in the listed regions, excluding monthly planned downtime.