SemanticComputing / fuseki-docker

Apache Jena Fuseki with SeCo extensions
MIT License

log4j vulnerability #9

Closed xgaia closed 2 years ago

xgaia commented 2 years ago

Hello,

This image is concerned by the log4j vulnerability

docker scan secoresearch/fuseki | grep log4j 
  Upgrade org.apache.logging.log4j:log4j-core@2.14.1 to org.apache.logging.log4j:log4j-core@2.15.0 to fix
  ✗ Arbitrary Code Execution (new) [Critical Severity][https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720] in org.apache.logging.log4j:log4j-core@2.14.1
    introduced by org.apache.logging.log4j:log4j-core@2.14.1

Can you upgrade the fuseki version to 4.3.1? This version fixes the issue (upgrades log4j to 2.15)

xgaia commented 2 years ago

Thanks for the update!

Could you also re-build the dockerhub image? https://hub.docker.com/r/secoresearch/fuseki/tags

Thanks!

yoge1 commented 2 years ago

Docker Hub images have now been rebuilt!

https://hub.docker.com/r/secoresearch/fuseki/tags
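
A way to confirm the result of the rebuild independently of `docker scan`, as an added example that is not part of the original thread or of the project's code: it walks an unpacked image filesystem (for instance the output of `docker export`), opens every jar, including jars nested inside a fat jar, and reports the bundled log4j-core version against the 2.15.0 named in the scan output. It assumes the jars still carry log4j-core's Maven `pom.properties` metadata, which a repackaged jar may have stripped; the function names are illustrative.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Maven metadata that log4j-core carries (assumed to survive shading into a fat jar).
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 15, 0)  # fixed version named in the scan output in this thread


def parse_version(text):
    """Return (major, minor, patch) from a 'version=...' properties line, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.MULTILINE)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def log4j_versions(archive, name, depth=0):
    """Yield (path, version) for each log4j-core in a jar, recursing into nested jars."""
    try:
        zf = zipfile.ZipFile(archive)
    except zipfile.BadZipFile:
        return  # not a readable archive: nothing to report
    with zf:
        for entry in zf.namelist():
            if entry == POM_PROPS:
                yield name, parse_version(zf.read(entry).decode("utf-8", "replace"))
            elif entry.lower().endswith((".jar", ".war")) and depth < 3:
                inner = io.BytesIO(zf.read(entry))
                yield from log4j_versions(inner, f"{name}!{entry}", depth + 1)


def scan_tree(root, fixed=FIXED):
    """Return sorted (path, version, is_ok) for all jars under an unpacked image tree."""
    findings = []
    for jar in Path(root).rglob("*"):
        if jar.is_file() and jar.suffix.lower() in (".jar", ".war"):
            for path, ver in log4j_versions(str(jar), str(jar)):
                findings.append((path, ver, ver is not None and ver >= fixed))
    return sorted(findings, key=lambda f: f[0])


if __name__ == "__main__" and len(sys.argv) > 1:
    results = scan_tree(sys.argv[1])
    for path, ver, ok in results:
        print("OK  " if ok else "OLD ", ".".join(map(str, ver)) if ver else "unknown", path)
    sys.exit(1 if any(not ok for _, _, ok in results) else 0)
```

Run it with the directory holding the extracted filesystem as its only argument; a non-zero exit status means at least one copy below the fixed version (or with an unreadable version) was found.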