Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mitigations for Log4J CVE-2021-44228 #209

Merged
merged 5 commits into from
Jan 13, 2022
Merged

Mitigations for Log4J CVE-2021-44228 #209

merged 5 commits into from
Jan 13, 2022

Commits on Dec 13, 2021

  1. Fix for Log4J CVE-2021-44228 - Global environment variable. 

    As noted in https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/
Setting the enviroment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true.
    @alxp
    alxp committed Dec 13, 2021
    Configuration menu
    Copy the full SHA
    291bee3 View commit details
    Browse the repository at this point in the history

Commits on Dec 17, 2021

  1. Update Solr version with Log4J update.

    @alxp
    alxp committed Dec 17, 2021
    Configuration menu
    Copy the full SHA
    9c0d26c View commit details
    Browse the repository at this point in the history

Commits on Jan 6, 2022

  1. Directly remove Jndi lookup class from Log4j core JAR files.

    @alxp
    alxp committed Jan 6, 2022
    Configuration menu
    Copy the full SHA
    13c7425 View commit details
    Browse the repository at this point in the history

Commits on Jan 12, 2022

  1. DOn't run JNDI fix on Solr 8.11.1

    @alxp
    alxp committed Jan 12, 2022
    Configuration menu
    Copy the full SHA
    405233a View commit details
    Browse the repository at this point in the history

  2. Ignore errors removing JNDI class from Solr i.e., already done.

    @alxp
    alxp committed Jan 12, 2022
    Configuration menu
    Copy the full SHA
    68a74c2 View commit details
    Browse the repository at this point in the history