diff options
author | Dan Timoney <dtimoney@att.com> | 2021-12-14 08:30:10 -0500 |
---|---|---|
committer | Dan Timoney <dtimoney@att.com> | 2021-12-14 14:29:55 -0500 |
commit | 1426fed07453672a80dae47416fbf256d58b95f2 (patch) | |
tree | f2ca30471677af03fd3c3538cdfd5f141dbe633f | |
parent | 0ea903d6d6c9b7e52eb3fd57ba5e3d1f8273b439 (diff) |
[SDNC] Mediate log4shell vulnerability
Add Java system property setting to remediate day zero vulnerability,
pending more permanent fix (upgrade CCSDK/SDNC to log4j v2.15.0, and
upgrade to a version of OpenDaylight that has upgraded as well).
Issue-ID: CCSDK-3556
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: Id2a9e2743490daa23f3fa51f10a43beb91290e0b
3 files changed, 6 insertions, 0 deletions
diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml index 69b0fd3bb8..b788a36248 100644 --- a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml @@ -79,6 +79,8 @@ spec: value: "{{ .Values.config.configDir }}" - name: SDNC_CONFIG_DIR value: "{{ .Values.config.configDir }}" + - name: LOG4J_FORMAT_MSG_NO_LOOKUPS + value: "true" volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml index 603f3a3f99..a23a6af460 100644 --- a/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml @@ -84,6 +84,8 @@ spec: value: "{{ .Values.config.configDir }}" - name: SDNC_CONFIG_DIR value: "{{ .Values.config.configDir }}" + - name: LOG4J_FORMAT_MSG_NO_LOOKUPS + value: "true" volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index f53c41c0f5..d252c9a3fb 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -285,6 +285,8 @@ spec: value: "{{ .Values.config.javaHome}}" - name: JAVA_OPTS value: "-Xms{{.Values.config.odl.javaOptions.minMemory}} -Xmx{{.Values.config.odl.javaOptions.maxMemory}}" + - name: LOG4J_FORMAT_MSG_NO_LOOKUPS + value: "true" - name: KARAF_CONSOLE_LOG_LEVEL value: "{{ include "common.log.level" . }}" - name: SDNRWT |