Merge "Mitigate two Log4j vulnerabilities in Apache Storm"
This commit is contained in:
commit
d7dde02653
|
@ -12,6 +12,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
|
||||||
{% if base_package_type == 'rpm' %}
|
{% if base_package_type == 'rpm' %}
|
||||||
{% set storm_packages = [
|
{% set storm_packages = [
|
||||||
'java-1.8.0-openjdk-headless',
|
'java-1.8.0-openjdk-headless',
|
||||||
|
'zip',
|
||||||
] %}
|
] %}
|
||||||
{% elif base_package_type == 'deb' %}
|
{% elif base_package_type == 'deb' %}
|
||||||
|
|
||||||
|
@ -23,6 +24,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
|
||||||
|
|
||||||
{% set storm_packages = [
|
{% set storm_packages = [
|
||||||
'openjdk-' + java_version + '-jre-headless',
|
'openjdk-' + java_version + '-jre-headless',
|
||||||
|
'zip',
|
||||||
] %}
|
] %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
@ -40,6 +42,9 @@ RUN curl -o /tmp/storm.tgz ${storm_url} \
|
||||||
&& tar --strip 1 -xvf /tmp/storm.tgz -C /opt/storm \
|
&& tar --strip 1 -xvf /tmp/storm.tgz -C /opt/storm \
|
||||||
&& rm -f /tmp/storm.tgz
|
&& rm -f /tmp/storm.tgz
|
||||||
|
|
||||||
|
# Mitigation for CVE-2021-44228 and CVE-2021-45046: remove the JndiLookup class
|
||||||
|
# from the classpath
|
||||||
|
RUN zip -q -d /opt/storm/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block storm_python_version %}
|
{% block storm_python_version %}
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
security:
|
||||||
|
- |
|
||||||
|
Adds mitigation for Apache Log4j 2 Remote Code Execution (RCE)
|
||||||
|
vulnerabilities CVE-2021-44228 and CVE-2021-45046 to Apache Storm.
|
Loading…
Reference in New Issue