
Commit 3ee034e

committed
Apply mitigation for CVE-2021-45046
Mitigation documented here: https://logging.apache.org/log4j/2.x/security.html Signed-off-by: Wade Barnes <wade@neoterictech.ca>
1 parent c043c6f commit 3ee034e


1 file changed

+10
-1
lines changed


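--- a/Dockerfile
+++ b/Dockerfile
@@ -5,16 +5,25 @@ LABEL maintainer="emiliano.sune@gmail.com"
 USER root
 ENV STI_SCRIPTS_PATH=/usr/libexec/s2i
 
+RUN apt-get update && \
+apt-get install zip
+
 # ===============================================================================================
-# Mitigation for CVE-2021-44228
+# Mitigation for CVE-2021-44228 and CVE-2021-45046
+# - Set LOG4J_FORMAT_MSG_NO_LOOKUPS=true
+# - Remove JndiLookup.class from the classpath.
 #
 # Upgrade to solr 8.11.1 or greater when availble.
 #
 # References:
 # - https://logging.apache.org/log4j/2.x/security.html
 # - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
+#
+# Search for jars containing JndiLookup.class:
+# - find / -name log4j-core*.jar -exec unzip -vl {} \; 2>/dev/null | grep JndiLookup.class
 # -----------------------------------------------------------------------------------------------
 ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true
+RUN find / -name log4j-core*.jar -exec zip -q -d {} org/apache/logging/log4j/core/lookup/JndiLookup.class \; 2>/dev/null
 # ===============================================================================================
 
 LABEL io.k8s.description="Run SOLR search in OpenShift" \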
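Review bot: The added `RUN find / -name log4j-core*.jar -exec zip -q -d {} ... \; 2>/dev/null` at new line 26 cannot fail the build, because `find -exec ... \;` does not propagate zip's exit status and stderr is discarded; if the deletion does not happen (zip error, unwritable jar, no jar matched) the image still builds and ships with JndiLookup.class in place. I would quote the pattern as `-name 'log4j-core*.jar'` so the shell cannot expand it, drop `2>/dev/null`, and follow the step with a check that lists every matching jar and fails the build if any still contains `org/apache/logging/log4j/core/lookup/JndiLookup.class`. The match is by file name only, so a copy of the class bundled in a differently named or shaded jar would not be touched, which is worth stating in the comment block. Separately, `apt-get install zip` at new lines 8-9 has no `-y`, `--no-install-recommends` or list cleanup; consider `apt-get install -y --no-install-recommends zip && rm -rf /var/lib/apt/lists/*` in the same `RUN`.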
