kolla/docker/storm
Pierre Riteau 448e4f56aa Mitigate two Log4j vulnerabilities in Apache Storm
The Log4j version was bumped on GitHub [1] but it is still pending
inclusion in a release of Apache Storm.

Apply the alternative mitigation recommended by Log4j [2] of removing
the JndiLookup class from the classpath.

[1] https://github.com/apache/storm/pull/3427
[2] https://logging.apache.org/log4j/2.x/security.html

Change-Id: Ib3ecd73f9e39e320acb2c5f0962b8af9b1a817e9
2022-01-13 22:35:27 +01:00
..
storm Add a storm-base image 2021-01-12 16:21:32 +00:00
storm-base Mitigate two Log4j vulnerabilities in Apache Storm 2022-01-13 22:35:27 +01:00