1 file changed +10 -1 lines changed
@@ -5,16 +5,25 @@ LABEL maintainer="emiliano.sune@gmail.com"
5
5
USER root
6
6
ENV STI_SCRIPTS_PATH=/usr/libexec/s2i
7
7
8
+ RUN apt-get update && \
9
+ apt-get install zip
10
+
8
11
# ===============================================================================================
9
- # Mitigation for CVE-2021-44228
12
+ # Mitigation for CVE-2021-44228 and CVE-2021-45046
13
+ # - Set LOG4J_FORMAT_MSG_NO_LOOKUPS=true
14
+ # - Remove JndiLookup.class from the classpath.
10
15
#
11
16
# Upgrade to solr 8.11.1 or greater when availble.
12
17
#
13
18
# References:
14
19
# - https://logging.apache.org/log4j/2.x/security.html
15
20
# - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
21
+ #
22
+ # Search for jars containing JndiLookup.class:
23
+ # - find / -name log4j-core*.jar -exec unzip -vl {} \; 2>/dev/null | grep JndiLookup.class
16
24
# -----------------------------------------------------------------------------------------------
17
25
ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true
26
+ RUN find / -name log4j-core*.jar -exec zip -q -d {} org/apache/logging/log4j/core/lookup/JndiLookup.class \; 2>/dev/null
18
27
# ===============================================================================================
19
28
20
29
LABEL io.k8s.description="Run SOLR search in OpenShift" \
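Review bot: The added `RUN find / -name log4j-core*.jar -exec zip -q -d {} ... \; 2>/dev/null` step does not fail the build when the removal fails, so an image can ship with JndiLookup.class still present and nothing in the build log to show it. `find` ignores the exit status of a command run with `-exec ... \;`, `2>/dev/null` discards zip's errors, and the unquoted `log4j-core*.jar` can be expanded by the shell before find sees it. Quote the pattern (`-name 'log4j-core*.jar'`) and follow the removal with a check that breaks the build if the class is still listed, for example `RUN ! find / -name 'log4j-core*.jar' -exec unzip -l {} \; 2>/dev/null | grep -q JndiLookup.class`; that check needs `unzip` installed explicitly, otherwise it passes vacuously. Separately, `apt-get install zip` has no `-y` and may stop at the confirmation prompt in a non-interactive build; `apt-get install -y --no-install-recommends unzip zip && rm -rf /var/lib/apt/lists/*` avoids that and keeps the package lists out of the layer.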
0 commit comments