Islandora-Devops / isle-buildkit

Provides a number of Docker images which can be used to build an Islandora site. See also https://github.com/Islandora-Devops/isle-dc
https://www.islandora.ca/
MIT License

Log4j cleanup on Blazegraph and FITS #332

Closed noahwsmith closed 5 months ago

noahwsmith commented 6 months ago

Clean out ancient log4j and replace with patched version.

noahwsmith commented 6 months ago

Updated to include cleanup on FITS and Solr as well as Blazegraph. @misilot has offered to test.

noahwsmith commented 6 months ago

The built test images are available as: borndigital/blazegraph:blazegraph-log4j, borndigital/solr:blazegraph-log4j and borndigital/fits:blazegraph-log4j

noahwsmith commented 6 months ago

Backing out of Solr - not necessary: https://github.com/apache/solr-docker/blob/main/9.5/Dockerfile
And covered here by the update to Solr 9.x: https://github.com/Islandora-Devops/isle-buildkit/pull/313

misilot commented 5 months ago

@noahwsmith it looks like it might still be part of a couple of layers :(

Path : /var/lib/docker/overlay2/bfee10e74d13452ab0bb6c93123be38cea006ec7d705911b6db71d53c4e339c1/diff/opt/tomcat/webapps/bigdata/WEB-INF/lib/log4j-1.2.17.jar Installed version : 1.2.17

Path : /var/lib/docker/overlay2/e9f42b9942914e758fa4c1e32cd87794de5c3274a1e70a56a5f901d742747176/diff/opt/tomcat/webapps/bigdata/WEB-INF/lib/log4j-1.2.17.jar Installed version : 1.2.17
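
An added example, not part of the thread or of isle-buildkit: a check for the situation reported above, where a log4j 1.x jar is absent from the running container but still present in an earlier image layer. It assumes the image is exported with `docker save` (a tar holding `manifest.json` plus one tar per layer); the function names and the in-memory sample image are constructed for illustration.

```python
import io, json, re, tarfile

# log4j 1.x jar names, e.g. log4j-1.2.17.jar (the version reported in the thread)
LOG4J1 = re.compile(r"(^|/)log4j-1\.\d+(\.\d+)*\.jar$")

def _add(tar, name, data=b""):
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))

def build_sample_image(layers):
    """Constructed sample: a minimal `docker save`-style archive, in memory."""
    buf, names = io.BytesIO(), []
    with tarfile.open(fileobj=buf, mode="w") as image:
        for i, files in enumerate(layers):
            layer = io.BytesIO()
            with tarfile.open(fileobj=layer, mode="w") as lt:
                for f in files:
                    _add(lt, f, b"x")
            names.append(f"layer{i}/layer.tar")
            _add(image, names[-1], layer.getvalue())
        _add(image, "manifest.json", json.dumps([{"Layers": names}]).encode())
    buf.seek(0)
    return buf

def scan_layers(image_fileobj):
    """Return (hits per layer, jar paths still visible in the final filesystem)."""
    hits, live = [], set()
    with tarfile.open(fileobj=image_fileobj, mode="r:*") as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for idx, name in enumerate(manifest[0]["Layers"]):
            with tarfile.open(fileobj=image.extractfile(name), mode="r:*") as lt:
                paths = lt.getnames()
            for path in paths:  # whiteouts first: they hide lower layers only
                d, _, base = path.rpartition("/")
                if base.startswith(".wh."):
                    gone = d if base == ".wh..wh..opq" else f"{d}/{base[4:]}".lstrip("/")
                    live = {p for p in live if p != gone and not p.startswith(gone + "/")}
            for path in paths:
                if LOG4J1.search(path):
                    hits.append((idx, path))
                    live.add(path)
    return hits, sorted(live)

JAR = "opt/tomcat/webapps/bigdata/WEB-INF/lib/log4j-1.2.17.jar"
WHITEOUT = "opt/tomcat/webapps/bigdata/WEB-INF/lib/.wh.log4j-1.2.17.jar"

if __name__ == "__main__":
    # Constructed image: layer 0 adds the jar, layer 1 deletes it (whiteout entry).
    print(scan_layers(build_sample_image([[JAR], [WHITEOUT, "opt/app/other.jar"]])))
```

A hit with an empty second list means the jar was deleted in a later layer but still ships inside the image, which is what a host-level scan of `/var/lib/docker/overlay2/*/diff` reports. Removing the jar in the same build step that introduces it, or using a multi-stage build, keeps it out of every layer.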

misilot commented 5 months ago

Thanks @noahwsmith, this PR seems to work great, and we are no longer getting the log4j hits on our scans.

noahwsmith commented 5 months ago

@joecorall How do you feel about this? Any objections to merging?