From 1426fed07453672a80dae47416fbf256d58b95f2 Mon Sep 17 00:00:00 2001 From: Dan Timoney Date: Tue, 14 Dec 2021 08:30:10 -0500 Subject: [SDNC] Mediate log4shell vulnerability Add Java system property setting to remediate day zero vulnerability, pending more permanent fix (upgrade CCSDK/SDNC to log4j v2.15.0, and upgrade to a version of OpenDaylight that has upgraded as well). Issue-ID: CCSDK-3556 Signed-off-by: Dan Timoney Change-Id: Id2a9e2743490daa23f3fa51f10a43beb91290e0b --- kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml | 2 ++ 1 file changed, 2 insertions(+) (limited to 'kubernetes/sdnc/components/dmaap-listener') diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml index 69b0fd3bb8..b788a36248 100644 --- a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml @@ -79,6 +79,8 @@ spec: value: "{{ .Values.config.configDir }}" - name: SDNC_CONFIG_DIR value: "{{ .Values.config.configDir }}" + - name: LOG4J_FORMAT_MSG_NO_LOOKUPS + value: "true" volumeMounts: - mountPath: /etc/localtime name: localtime -- cgit 1.2.3-korg