summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Timoney <dtimoney@att.com>2021-12-14 08:30:10 -0500
committerDan Timoney <dtimoney@att.com>2021-12-14 14:29:55 -0500
commit1426fed07453672a80dae47416fbf256d58b95f2 (patch)
treef2ca30471677af03fd3c3538cdfd5f141dbe633f
parent0ea903d6d6c9b7e52eb3fd57ba5e3d1f8273b439 (diff)
[SDNC] Mediate log4shell vulnerability
Add Java system property setting to remediate day zero vulnerability, pending more permanent fix (upgrade CCSDK/SDNC to log4j v2.15.0, and upgrade to a version of OpenDaylight that has upgraded as well). Issue-ID: CCSDK-3556 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: Id2a9e2743490daa23f3fa51f10a43beb91290e0b
-rw-r--r--kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml2
-rw-r--r--kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml2
-rw-r--r--kubernetes/sdnc/templates/statefulset.yaml2
3 files changed, 6 insertions, 0 deletions
diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
index 69b0fd3bb8..b788a36248 100644
--- a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
@@ -79,6 +79,8 @@ spec:
value: "{{ .Values.config.configDir }}"
- name: SDNC_CONFIG_DIR
value: "{{ .Values.config.configDir }}"
+ - name: LOG4J_FORMAT_MSG_NO_LOOKUPS
+ value: "true"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml
index 603f3a3f99..a23a6af460 100644
--- a/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml
@@ -84,6 +84,8 @@ spec:
value: "{{ .Values.config.configDir }}"
- name: SDNC_CONFIG_DIR
value: "{{ .Values.config.configDir }}"
+ - name: LOG4J_FORMAT_MSG_NO_LOOKUPS
+ value: "true"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index f53c41c0f5..d252c9a3fb 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -285,6 +285,8 @@ spec:
value: "{{ .Values.config.javaHome}}"
- name: JAVA_OPTS
value: "-Xms{{.Values.config.odl.javaOptions.minMemory}} -Xmx{{.Values.config.odl.javaOptions.maxMemory}}"
+ - name: LOG4J_FORMAT_MSG_NO_LOOKUPS
+ value: "true"
- name: KARAF_CONSOLE_LOG_LEVEL
value: "{{ include "common.log.level" . }}"
- name: SDNRWT