Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SECURITY] Upgrade log4j to 2.16.0 as a vulnerability workaround #416

Closed
azagniotov opened this issue Dec 16, 2021 · 3 comments · Fixed by #415 or #417
Closed

[SECURITY] Upgrade log4j to 2.16.0 as a vulnerability workaround #416

azagniotov opened this issue Dec 16, 2021 · 3 comments · Fixed by #415 or #417
Assignees
@azagniotov
Labels
done something is finished security

Comments

@azagniotov
Copy link
Owner

azagniotov commented Dec 16, 2021
edited
Loading

This ticket is to capture PRs made as a result of changes advised by the Apache Foundation in https://logging.apache.org/log4j/2.x/security.html#log4j-2.16.0 as part of workaround to the recently discovered vulnerabilities in log4j v2.x.x. This ticket enhances the #267

To address:
@azagniotov azagniotov added the bug label Dec 16, 2021
@azagniotov azagniotov self-assigned this Dec 16, 2021
This was referenced Dec 16, 2021
Merged
Merged
@azagniotov azagniotov added security and removed bug labels Dec 16, 2021
@azagniotov azagniotov changed the title [BUG] Upgrade log4j to 2.16.0 as a vulnerability workaround [SECURITY] Upgrade log4j to 2.16.0 as a vulnerability workaround Dec 16, 2021
@azagniotov
Copy link
Owner Author

azagniotov commented Dec 16, 2021
edited
Loading

Applied retroactive fix for tag: https://github.com/azagniotov/stubby4j/releases/tag/v7.3.3 and rebuilt stubby4j Docker image tags:

  • azagniotov/stubby4j:7.3.3-jre8
  • azagniotov/stubby4j:7.3.3-jre11
  • azagniotov/stubby4j:7.3.3-jre15

@azagniotov
Copy link
Owner Author

Applied retroactive fix for tag: https://github.com/azagniotov/stubby4j/releases/tag/v7.4.0 and rebuilt stubby4j Docker image tags:

  • azagniotov/stubby4j:7.4.0-jre8
  • azagniotov/stubby4j:7.4.0-jre11
  • azagniotov/stubby4j:7.4.0-jre16

@azagniotov
Copy link
Owner Author

Applied retroactive fix for master branch and tag: https://github.com/azagniotov/stubby4j/releases/tag/v7.5.0 and rebuilt stubby4j Docker image tags:

master

  • azagniotov/stubby4j:latest-jre8
  • azagniotov/stubby4j:latest-jre11
  • azagniotov/stubby4j:latest-jre16

v7.5.0

  • azagniotov/stubby4j:7.5.0-jre8
  • azagniotov/stubby4j:7.5.0-jre11
  • azagniotov/stubby4j:7.5.0-jre16

This was referenced Dec 16, 2021
Open
Closed
This was linked to pull requests Dec 16, 2021
Upgraded log4j to 2.16.0 to patch vulnerability #415
Merged
Removed -Dlog4j.formatMsgNoLookups=true #417
Merged
@azagniotov azagniotov mentioned this issue Dec 20, 2021
Closed
@azagniotov azagniotov mentioned this issue Dec 30, 2021
Closed
@azagniotov azagniotov added the done something is finished label Jan 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@azagniotov azagniotov

Labels
done something is finished security
Projects
None yet
Milestone
No milestone
1 participant
@azagniotov