Skip to main content

Meroxa CLI v2.0.0 (Beta)

· 2 min read

With Meroxa CLI version v2.0.0, we're introducing a new set of commands to operate with Turbine Data Applications, and we're also deprecating the ones that won't apply going forward. New commands are:

  • apps deploy to deploy a Turbine Data Application.
  • apps describe to inspect more information about your Turbine Data Application.
  • apps init to initialize a new Turbine Data Application locally in the language of your choice.
  • apps list to list all your available Turbine Data Applications.
  • apps remove to remove a Turbine Data Application.
  • apps run to run locally a Turbine Data Application.
  • build describe to inspect a Meroxa Process Build.
  • build logs to a Meroxa Process Build's Logs.

If you want to read more about the Turbine Data Applications Beta check out the beta overview. If you wanted to get started building your first Turbine Data Application, check out our documentation to get started.

Log4j (Log4shell) CVE-2021-44228

· 2 min read

On December 10th, 2021 researchers published details of an exploit affecting the popular Java logging library Log4j (CVE-2021-44228). The vulnerability in question exploited a feature (Lookups) introduced into v2.x that would allow for malicious messages logged via the system to be interpreted, ultimately allowing the execution of arbitrary code.

The Meroxa Data Platform is largely built on Go (Golang) and as such exposure to this CVE is very limited. Specifically Java (and therefore Log4j) is only used by Apache Kafka and the various Apache Kafka ecosystem components deployed on the platform.

In the case of Apache Kafka and Apache Kafka Connect, both use Log4j-v1.2.17 which is not affected by the recently disclosed vulnerability. You can find more details on the Apache Kafka website (CVE list).

Kafka Connect Connectors however can utilize different versions of the Log4j library. As such we have audited all connectors currently supported on the platform and have deployed updated (remediated) versions. Specifically we have upgraded to versions using Log4j v2.16.0 which removes the feature entirely that introduced the vulnerability.

Additionally we have audited our configurations to confirm that no user generated data is logged via any supported connectors further limiting the ability for this vulnerability to be exploited on the Meroxa Data Platform.

We will of course continue to monitor developments related to the CVE and will take any actions necessary to ensure the security of our platform.

Azure CosmosDB Connector Public Beta

· One min read

Azure Cosmos DB is now available in Public Beta as a Source Connector on Meroxa. This means you can start provisioning Cosmos DB via the Meroxa Dashboard or CLI:

$ meroxa resources create sourcedb --type cosmosdb --url cosmosdb://$COSMOS_ACCOUNT_NAME:$COSMOS_PRIMARY_KEY@$$COSMOS_DATABASE

For any questions or comments, please feel free to email us at or reach out to us on Twitter

New CLI `--no-headers` option

· One min read

With Meroxa CLI version v1.2.0, we're adding the --no-headers option to any command that lists a Meroxa Platform resource.

This option is useful when performing scripting operations that depends on a specific number.