openshift / origin-aggregated-logging


Bug 2030985: Add log4j option to mitigate CVE-2021-44228 #2218

Closed periklis closed 2 years ago

periklis commented 2 years ago

Description

This PR adds the -Dlog4j2.formatMsgNoLookups=true JVM option to Elasticsearch to mitigate CVE-2021-44228 according to: https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

/cc @jcantrill /assign @jcantrill

Links
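As an added example, not part of this PR or the project's own code, a small POSIX shell helper for auditing the mitigation the PR introduces: it reports the value of `log4j2.formatMsgNoLookups` that a JVM command line will actually use (Java keeps the last `-D` occurrence when a property is repeated) and ensures the option is present in a jvm.options-style file. The jvm.options file layout and all paths are assumptions; the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the PR: helpers to verify the CVE-2021-44228
# mitigation flag -Dlog4j2.formatMsgNoLookups=true on Elasticsearch.
# Assumption: options live either on the java command line or in a
# jvm.options-style file (one option per line, '#' comments allowed).

FLAG='-Dlog4j2.formatMsgNoLookups=true'

# effective_nolookups "ARGS": print the value of log4j2.formatMsgNoLookups
# that the JVM will actually use. Java keeps the last -D occurrence when a
# property is repeated, so the last match wins; prints "unset" if absent.
effective_nolookups() {
  v=$(printf '%s\n' "$1" | tr ' ' '\n' \
        | sed -n 's/^-Dlog4j2\.formatMsgNoLookups=//p' | tail -n 1)
  printf '%s\n' "${v:-unset}"
}

# has_nolookups FILE: succeed if FILE already sets the flag to true
# (surrounding whitespace tolerated, commented-out lines do not count).
has_nolookups() {
  grep -Eq '^[[:space:]]*-Dlog4j2\.formatMsgNoLookups=true[[:space:]]*$' "$1"
}

# ensure_nolookups FILE: append the flag when missing; print "added" or
# "present" so callers can record what changed.
ensure_nolookups() {
  if has_nolookups "$1"; then
    echo present
  else
    printf '\n# CVE-2021-44228 mitigation: disable JNDI lookups in log messages\n%s\n' "$FLAG" >> "$1"
    echo added
  fi
}

# Usage on a constructed sample file (not a real deployment):
sample=$(mktemp)
printf -- '-Xms1g\n-Xmx1g\n' > "$sample"
ensure_nolookups "$sample"   # added
ensure_nolookups "$sample"   # present
effective_nolookups "java -Xmx1g $FLAG org.elasticsearch.bootstrap.Elasticsearch"   # true
rm -f "$sample"
```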

openshift-ci[bot] commented 2 years ago

@periklis: This pull request references Bugzilla bug 2030985, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug:

* bug is open, matching expected state (open)
* bug target release (3.11.z) matches configured target release for branch (3.11.z)
* bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

No GitHub users were found matching the public email listed for the QA contact in Bugzilla (anli@redhat.com), skipping review request.

In response to [this](https://github.com/openshift/origin-aggregated-logging/pull/2218):

> Bug 2030985: Add log4j option to mitigate CVE-2021-44228

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

joepvd commented 2 years ago

/retest

vimalk78 commented 2 years ago

/retest

openshift-ci[bot] commented 2 years ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jcantrill, periklis

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/openshift/origin-aggregated-logging/blob/release-3.11/OWNERS)~~ [jcantrill]

Approvers can indicate their approval by writing `/approve` in a comment. Approvers can cancel approval by writing `/approve cancel` in a comment.

openshift-bot commented 2 years ago

/retest-required

Please review the full test history for this PR and help us cut down flakes.


thegreyd commented 2 years ago

/retest


openshift-ci[bot] commented 2 years ago

@periklis: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ci/openshift-jenkins/json-file | cf872cba8eca580f619221aaaa095406f235e2d1 | link | true | /test json-file |
| ci/prow/images | cf872cba8eca580f619221aaaa095406f235e2d1 | link | true | /test images |
| ci/openshift-jenkins/logging | cf872cba8eca580f619221aaaa095406f235e2d1 | link | true | /test logging |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).


jupierce commented 2 years ago

https://coreos.slack.com/archives/CJARLA942/p1639411425281500?thread_ts=1639382532.259700&cid=CJARLA942

openshift-ci[bot] commented 2 years ago

@periklis: All pull requests linked via external trackers have merged:

Bugzilla bug 2030985 has been moved to the MODIFIED state.

In response to [this](https://github.com/openshift/origin-aggregated-logging/pull/2218):

> Bug 2030985: Add log4j option to mitigate CVE-2021-44228

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.