Summary
A fix for the log4shell vulnerability for Db2 Big SQL is available on Db2 Big SQL 7.2.3 shipping with Cloud Pak for Data 4.0.4.
Please note that while the version of Db2 Big SQL shipped with Cloud Pak for Data 4.0.3 was already 7.2.3, only the version of
Db2 Big SQL shipped with Cloud Pak for Data 4.0.4 contains the log4shell fix.
Steps
The recommended way to install the log4shell fix for Db2 Big SQL is to update the Cloud Pak for Data platform to version 4.0.4.
Follow the instructions on the Upgrading from IBM Cloud Pak for Data Version 4.0.x page to upgrade your Cloud Pak for Data
platform to 4.0.4.
If you are upgrading from IBM Cloud Pak for Data 4.0.3, shortly after the db2u operator is updated, the Db2 Big SQL pods will
restart. Please note that if the db2u operator subscription installPlanApproval has been set to "Automatic", this may happen as
soon as the db2u operator catalog has been updated. After the restart of the Db2 Big SQL pod is completed, a final manual restart
of the pod is required for the log4shell fix to be effective.
This manual restart can be performed by running the following command:
oc delete pod -l app.kubernetes.io/name=db2-bigsql,type=engine
If you are upgrading from a version of IBM Cloud Pak for Data other than 4.0.3, the fix is effective as soon as the upgrade of the
Db2 Big SQL service is complete.
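
The restart sequence for the 4.0.3 upgrade path described above, as an added shell example (not IBM's own script): it reports the db2u subscription approval mode, waits for the operator-triggered restart to finish, performs the manual restart, and confirms that the engine pods were actually replaced. Only the label selector comes from this page; the "db2u" name pattern, the timeouts, the polling interval and the function names are assumptions.

```shell
#!/bin/sh
# Added example; only the label selector comes from this page.
SELECTOR='app.kubernetes.io/name=db2-bigsql,type=engine'
POLL_SECONDS=${POLL_SECONDS:-5}   # assumed polling interval

# Namespace, name and approval mode of each subscription whose name contains
# "db2u" (assumed naming; adjust the pattern to match your cluster).
db2u_approval() {
  oc get subscriptions.operators.coreos.com --all-namespaces \
    -o jsonpath='{range .items[*]}{.metadata.namespace}{"\t"}{.metadata.name}{"\t"}{.spec.installPlanApproval}{"\n"}{end}' \
    | grep db2u
}

# UIDs of the engine pods in the current project, one per line.
engine_pod_uids() {
  oc get pod -l "$SELECTOR" -o jsonpath='{range .items[*]}{.metadata.uid}{"\n"}{end}'
}

# Succeeds once engine pods exist and none of them carries a UID listed in $1.
pods_replaced() {
  now=$(engine_pod_uids)
  [ -n "$now" ] || return 1
  for uid in $now; do
    if printf '%s\n' "$1" | grep -qxF "$uid"; then return 1; fi
  done
  return 0
}

# Usage: restart_engine_pods [max_polls]
restart_engine_pods() {
  max_polls=${1:-60}
  # 1. Let the restart triggered by the db2u operator update finish first.
  oc wait pod -l "$SELECTOR" --for=condition=Ready --timeout=900s || return 1
  before=$(engine_pod_uids)
  [ -n "$before" ] || { echo "no engine pods found" >&2; return 1; }
  # 2. The manual restart given on this page.
  oc delete pod -l "$SELECTOR" || return 1
  # 3. Poll until replacements exist and every old UID is gone; "oc wait"
  #    on its own errors out if no replacement pod has been created yet.
  i=0
  until pods_replaced "$before"; do
    i=$((i + 1))
    [ "$i" -lt "$max_polls" ] || { echo "old engine pods still present" >&2; return 1; }
    sleep "$POLL_SECONDS"
  done
  # 4. Treat the restart as complete only when the new pods report Ready.
  oc wait pod -l "$SELECTOR" --for=condition=Ready --timeout=900s
}
```

Source the file in a shell that is logged in to the cluster with the Db2 Big SQL project selected, run `db2u_approval` before the upgrade, and run `restart_engine_pods` once the db2u operator has been updated.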