Lire cet article en Français 
Tableau Log4j – Serenely Upgrade To Tableau’s Patched Version
Log4j2 – Urgency
The tech world is shaken by the discovery of a critical vulnerability (CVE-2021-44228, CVSS score 10) that affects the Java Log4j2 logging library. All software editors using Java are working hard to analyze the risks and eventually provide a patch as soon as possible to secure their customers (👉 Read the official press release from Wiiisdom for its customers).
It is therefore imperative for all businesses and organizations to patch when software is impacted by this flaw, otherwise, you are leaving a door wide open for hackers. At Wiiisdom, we’ve seen hundreds of customers contacting us to find out if they are impacted. This breach that went viral in a matter of hours is probably the hot topic of your company’s board and CISO, and your BI/Analytics software like Tableau needs to be updated.
An update on the Apache Log4j2 vulnerability: https://t.co/oFyYExOLtF pic.twitter.com/nfBbt93vjc
— Tableau (@tableau) December 15, 2021
Log4j2 Resolution
If you look around on social media networks and forums you can probably already find workarounds to protect yourself, but as Tableau and all publishers in the world recommend, you must patch your software.
It cannot be repeated enough, but it is important to regularly update your software, and the current context is the sad proof. Tableau has delivered the patch for Tableau Server, in this case with version 2021.4.1. Tableau Online (now Tableau Cloud) should also be updated soon.
Tableau customers, thank you for your continued patience as we address the Log4j2 vulnerability. New updates are now available, including releases that address the issue or mitigation steps. Please visit our knowledge based article for full details: https://t.co/4qU5zFntDj
— Tableau (@tableau) December 16, 2021
“It is important to wait not to rush”
Of course, the current context pushes you to upgrade quickly and it is an urgent issue. However, testing is essential for such projects, for obvious reasons of cost and quality, but even more so in the current situation. Which organization allows itself to patch without preparation? This would mean taking further ill-considered risks.
- How will you ensure user trust and adoption of this new version?
- How will you prove to management, who are following this issue closely, that Tableau’s data, visualizations, functionality, and performance have not been impacted?
- What if some problems are detected once in production?
At Wiiisdom, we’ve been making BI and Analytics platforms more reliable for 15 years and we know that such unprepared projects are very risky, and can destroy the user trust you’ve worked so hard to build over the past few years.
The current context proves once again the necessity to integrate the security issue at the heart of your decisions, and it is obvious that migration testing or upgrade testing must be at the heart of your strategy.
For Tableau, the Wiiisdom Ops solution allows you to serenely prepare your upgrade, by preparing your test cases, and by ensuring large-scale tests, all in an automated way. These tests will allow you among other things to:
- Check that the data present in your dashboards corresponds to what was present in the same dashboards in the previous version;
- Check that the visualizations themselves have not been impacted (colors, layout, etc.);
- Validate that the performance has not been impacted;
- Provide test reports to certify the quality of the update.
Wiiisdom Ops applies methods inspired by DevOps, especially CI/CD, allowing you to add an agility brick to your stack. You will have the possibility to integrate the dashboard delivery after a test cycle, then to test again in prod or in acceptance; the whole process in an automated way, thus limiting the costs and the risks of error.
Even with this urgency to upgrade, it is vital you prepare and test the upgrade. Wiiisdom teams are ready to help you on this project, contact us today.
PS: A few months ago, we published two articles on the best upgrade practices for Tableau.
