Try Collibra
Contact Us
Call us
Offices
Email
United States
+1 646 893 3042
Accounts receivable department
+1 646 974 0772
All other
+32 2 793 02 19
North America: USA and Canada
Collibra Inc.
61 Broadway, 31st Floor
New York, NY 10006 - USA
EMEA: Belgium
Collibra NV
Picardstraat 11 B 205,
1000 Brussels - BELGIUM
View all
Register for access
Register for access
  • Dashboard
  • University
  • Data Citizens
  • Marketplace
  • Product Resources
  • Support
  • Developer Portal
Sign in Register
By signing up you agree to Collibra's Privacy Policy.
For Partners
Partner Portal
Partner Community
My Profile
Edit
John Smith
name@company.com
Data Scientist, USA
Interests
Cloud-Ready Data
Digital Transformation
Data Governance
Dashboard Sign out
Collibra Sites
Collibra.com
Blog
Dashboard
Data Citizens Community
Documentation
Marketplace
Product Resources
Support
University
Developers
Partners
Developer Portal
Partner Portal
Partner Community
Trust

Status dashboard

Below you will find the status information for each product and service within Collibra Data Intelligence Cloud.

Updated on: April 8th, 2022 at 5:00 PM EST

Spring4Shell Vulnerabilities

Collibra is committed to ensuring transparency and trust. To that end, we proactively monitor and respond to threats that might impact our products and services.

Collibra is aware of the vulnerabilities involving, Spring4Shell, comprised of CVE-2022-22965 and CVE-2022-22963. CVE-2022-22965 involves vulnerabilities impacting Spring WebMVC and Spring WebFlux applications running on Java 9 and later and exposes the applications to the possibility of remote code execution (RCE). CVE-2022-22963 impacts the Spring Expression Language (SpEL) and can expose applications to the possibility of remote code execution (RCE).

We are continuously monitoring and evaluating these vulnerabilities.

Summary of impact for Collibra

Based on initial review of Collibra products, the impact assessment is as follows:

Collibra Proprietary Software

Product - GA Only Impacted by CVE-2022-22965 Impacted by CVE-2022-22963
Collibra Data Intelligence Cloud (DGC) No No
DGC On-Premise No No
Collibra Data Governance No No
Collibra Data Privacy No No
Collibra Data Catalog No No
Collibra Data Lineage No No
Collibra Data Quality, On-Premises No No
Collibra Data Quality, Cloud No No
Collibra Insights No No
Collibra Edge No¹ No
Collibra Job Server, On-Premise No No
Collibra Job Server, Cloud No No
¹Collibra Edge is using the vulnerable version of Spring Framework. Collibra Edge does not expose the vulnerable services therefore there is no risk. Out of abundance of caution, Collibra will issue a patch to update the Spring Framework in the upcoming April release.

Third Party Software

Collibra has conducted an initial review of the key third party software embedded in our product offerings and found no impact from Spring4Shell vulnerabilities.

Next Steps

An update to this incident will be posted if there is a change to the status.



Updated on: January 19, 2022 at 5:00 PM EST

Vulnerability with Apache Log4j

Collibra is aware of the vulnerabilities with Apache Log4j, a Java logging library. As Collibra Security continues to monitor our software and systems for any impact from this vulnerability, the status below may change. Please continue to monitor this page for our latest updates.

Apache Log4j vulnerabilities as designated by Mitre:

CVE ID Date Discovered
CVE-2021-44228 December 10, 2021
CVE-2021-45046 December 14, 2021
CVE-2021-45105 December 18, 2021

Summary of impact for Collibra related to CVE-2021-44228

After a comprehensive review of Collibra products, Collibra identified that Collibra Data Quality was impacted and a patch to fix the vulnerability was issued on December 11, 2021. Through our further assessments, it was determined that all Collibra proprietary software code within Collibra Data Intelligence Cloud (formerly DGC) does not leverage vulnerable versions of Log4j (versions 2.0 to 2.14.1).

We are continuing to assess third party software and libraries related to CVE-2021-44228 and are completing the necessary updates. In the interim, we are actively developing and providing mitigations to protect our customers.

Summary of impact for Collibra related to CVE-2021-45046

Collibra is aware of the vulnerability related to Apache Log4j 2.15.0. Please see below the status of Collibra products and third party software impacted and solutions provided.

Summary of impact for Collibra related to CVE-2021-45105

Collibra has assessed the impact on its third party software, Elasticsearch, against the new found vulnerability in Log4j version 2.16.0, CVE-2021-45105. Please see below the status of third party software impacted and solutions provided.

Recommendation: The current guidance to customers is to continue to implement the patch made available for their applicable DGC on-premises versions using the guidance for Elasticsearch below. The patch remediates the risk from the identified vulnerabilities CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. Your vulnerability scanners may produce false positive results indicating your systems are vulnerable due to the inclusion of Log4j versions below 2.17; however, the recommended patches from Collibra will protect against the currently described CVEs.

We are continuing to assess third party software and libraries related to Log4j and will update information here as needed.

The below tables contain our most up-to-date guidance on our products.

Collibra Proprietary Software

Product - GA Only Impacted by CVE-2021-44228 Impacted by CVE-2021-45046 Impacted by CVE-2021-45105
Collibra Data Intelligence Cloud No No No
DGC On-Premises No No No
Collibra Data Governance No No No
Collibra Data Privacy No No No
Collibra Data Catalog No No No
Collibra Data Lineage No No No
Collibra Data Quality, On-Premises Yes, fix complete (see instructions) Yes, fix complete (see instructions) Yes, fix complete (see instructions)
Collibra Data Quality, Cloud Yes, fix complete (no action required) Yes, fix complete (no action required) Yes, fix complete (no action required)
Collibra Insights No No No
Collibra Edge No¹ No¹ No¹
Collibra Job Server, On-Premises No² No² No²
Collibra Job Server, Cloud No² No² No²

Third Party Software

Collibra is currently evaluating third party software embedded in our product offerings and further updates will be provided as more is known.

We have determined the following third party software are impacted:

Third Party Software Collibra Product Impacted Fix Status
Elasticsearch, On-Premises DGC On-Premises,
any version earlier than 5.7.10		 Complete:
Manual patch process
Elasticsearch 6.8.14 to.7.12.2
See Linux instructions
See Windows instructions
DGC On-Premises
5.7.11-1		 Complete:
Standard patch process
Elasticsearch 7.16.1 (release notes)
Note: Please follow the standard installation process
DGC On-Premises
5.7.10-2		 Complete:
Standard patch process
Elasticsearch 7.16.1 (release notes)
Note: Please follow the standard installation process
DGC On-Premises
5.7.11-2		 Complete:
Standard patch process
Elasticsearch 7.16.2 (contains log4j 2.17.0) (release notes)
Note: Please follow the standard installation process
DGC On-Premises
5.7.10-3
 Complete:
Standard patch process
Elasticsearch 7.16.2 (contains log4j 2.17.0) (release notes)
Note: Please follow the standard installation process
Elasticsearch, Cloud Collibra Data Intelligence Cloud
2021.11 to 2021.04		 Completed on Dec. 13, 2021:
Remediated Elasticsearch versions
6.8.14 to 7.12.1
Collibra Data Intelligence Cloud
2021.09.3		 Completed on Dec. 22 and 23, 2021:
Standard cloud deployment
Elasticsearch 7.16.1 (release notes)
Collibra Data Intelligence Cloud
2021.09.4		 Completed on Jan. 16, 2022:
Standard cloud deployment
Elasticsearch 7.16.2 (contains log4j 2.17.0) (release notes)
Collibra Data Intelligence Cloud
2021.10.2		 Completed on Dec. 19, 2021:
Standard cloud deployment
Elasticsearch 7.16.1 (release notes)
Collibra Data Intelligence Cloud
2021.10.3		 Completed on Jan. 16, 2022:
Standard cloud deployment
Elasticsearch 7.16.2 (contains log4j 2.17.0) (release notes)
Collibra Data Intelligence Cloud
2021.11.2		 Completed on Dec. 19, 2021:
Standard cloud deployment
Elasticsearch 7.16.1 (release notes)
Collibra Data Intelligence Cloud
2021.11.3		 Completed on Jan. 9, 2022:
Standard cloud deployment
Elasticsearch 7.16.2 (contains log4j 2.17.0) (release notes)
Mulesoft Collibra Connect Complete:
Instructions provided by Mulesoft

Collibra Marketplace Assets:

Please navigate to Collibra Marketplace for updates, fixes and new releases related to any potential Log4j vulnerabilities.

Collibra Beta Products

Please consult your Customer Success Manager or the Collibra contact you are working with on the beta test.

Next steps:

Collibra Security highly recommends customers to follow the best practices within their own environments to help with mitigations and workarounds to protect their applications.

Customers should also check whether any other (non-Collibra) software they are running may be impacted and check in with applicable vendors for available patches.

Collibra Security will continue to provide updates as necessary in this webpage.

Further updates to this incident will be posted as needed.

¹Collibra Edge includes log4j-*.jar libraries. However, the vulnerability is neutralized because log4j-core is not included. Please note that vulnerability scanning tools may report false positives as a result.
²Collibra Jobserver includes a Log4j library that is not impacted by CVE-2021-44228 or CVE-2021-45046. Jobserver is not using the functionality related to CVE-2020-9488 and CVE-2019-17571 and therefore not vulnerable. Please note that vulnerability scanning tools may report false positives as a result. Collibra is working on deprecating this library in the future.
View current
Past incidents

Current status by product

Past incidents

Incident date

UTC

Severity

Summary

Resolution date

UTC
Mar 27, 2022 at 15:00Maintenance window was extended to 5:00 PM ET from the standard end time of 11 AM ET. Impact to customer is limited to 20 minute downtime during the upgrade beyond the advertised 11 AM ET.Mar 27, 2022 at 17:00
Mar 21, 2022 at 02:00MI:20220321: An issue with our third party software vendor JFrog (JFrog Artifactory), used internally by Edge and Catalog products caused a disruption to our Servcies in all regions.Mar 21, 2022 at 14:00
Dec 22, 2021 at 13:00MI-20211222: Collibra Service Outage caused by loss of power in our Cloud Service Provider AWS’s Data Center affected availability and connectivity to EC2 instances in use by Collibra within AWS AMERS RegionDec 22, 2021 at 22:57
  • Outage
  • Disruption

Status Dashboard is temporarily unavailable. Please try again later.

Products

Americas

North, Central and South

EMEA

Europe, Middle East and Africa

APAC

Asia Pacific

GovCloud

US East
Data Governance
Data Catalog
Data Classification
Data Lineage
Metadata Connectors
Insights
Data Privacy
  • Available
  • Outage
  • Disruption
  • N/A

*Note: the status above indicates availability of the majority of environments in the listed regions, excluding monthly planned downtime.

New to Collibra
Get More Out of Collibra
Partners
Connect
Stay in touch

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.