ivandasch commented on pull request #9643: URL: https://github.com/apache/ignite/pull/9643#issuecomment-993515868
There are standard action 1. If you do not use log4j2 adapter of Apache Ignite, do nothing 2. If you use it, do: a. Set the system property “log4j2.formatMsgNoLookups” to “true” b. If the server has Java runtimes later than 8u121, then it is protected against remote code execution by defaulting “com.sun.jndi.rmi.object.trustURLCodebase” and “com.sun.jndi.cosnaming.object.trustURLCodebase” to “false”(see https://www.oracle.com/java/technologies/javase/8u121-relnotes.html). вт, 14 дек. 2021 г. в 15:41, 3zhaochen ***@***.***>: > Hi. For the log4j vulnerability CVE-2021-44228, can you provide a > workaround? > > 发件人: Nikita Amelchev ***@***.*** > 发送时间: 2021年12月13日 16:39 > 收件人: apache/ignite ***@***.***> > 抄送: zhaochen (L) ***@***.***>; Comment ***@***.***> > 主题: Re: [apache/ignite] IGNITE-16101 update log4j to 2.15 (PR #9643) > > > When will version 2.12 be released? > > There are several release blockers. The estimate time is end of December. > See https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.12 > > — > You are receiving this because you commented. > Reply to this email directly, view it on GitHub< > https://github.com/apache/ignite/pull/9643#issuecomment-992229314>, or > unsubscribe< > https://github.com/notifications/unsubscribe-auth/AP4VQNFH44LKIRODCSLRIELUQWWJHANCNFSM5JZIJTDA>. > > Triage notifications on the go with GitHub Mobile for iOS< > https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> > or Android< > https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. > > > — > You are receiving this because you are subscribed to this thread. > Reply to this email directly, view it on GitHub > <https://github.com/apache/ignite/pull/9643#issuecomment-993500759>, or > unsubscribe > <https://github.com/notifications/unsubscribe-auth/ABOHMELGKJKRA37UFWY52W3UQ43PLANCNFSM5JZIJTDA> > . > Triage notifications on the go with GitHub Mobile for iOS > <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> > or Android > <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. > > -- Sincerely yours, Ivan Daschinskiy -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
