Code Review / oom.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 0ea903d)
[SDNC] Mediate log4shell vulnerability 26/126226/4
authorDan Timoney <dtimoney@att.com>
Tue, 14 Dec 2021 13:30:10 +0000 (08:30 -0500)
committerDan Timoney <dtimoney@att.com>
Tue, 14 Dec 2021 19:29:55 +0000 (14:29 -0500)
Add Java system property setting to remediate day zero vulnerability,
pending more permanent fix (upgrade CCSDK/SDNC to log4j v2.15.0, and
upgrade to a version of OpenDaylight that has upgraded as well).

Issue-ID: CCSDK-3556
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: Id2a9e2743490daa23f3fa51f10a43beb91290e0b

kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml patch | blob | history
kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml patch | blob | history
kubernetes/sdnc/templates/statefulset.yaml patch | blob | history

diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
index 69b0fd3..b788a36 100644 (file)
--- a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
@@ -79,6 +79,8 @@ spec:
           value: "{{ .Values.config.configDir }}"
         - name: SDNC_CONFIG_DIR
           value: "{{ .Values.config.configDir }}"
+        - name: LOG4J_FORMAT_MSG_NO_LOOKUPS
+          value: "true"
         volumeMounts:
         - mountPath: /etc/localtime
           name: localtime
diff --git a/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml
index 603f3a3..a23a6af 100644 (file)
--- a/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml
@@ -84,6 +84,8 @@ spec:
           value: "{{ .Values.config.configDir }}"
         - name: SDNC_CONFIG_DIR
           value: "{{ .Values.config.configDir }}"
+        - name: LOG4J_FORMAT_MSG_NO_LOOKUPS
+          value: "true"
         volumeMounts:
         - mountPath: /etc/localtime
           name: localtime
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index f53c41c..d252c9a 100644 (file)
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -285,6 +285,8 @@ spec:
             value: "{{ .Values.config.javaHome}}"
           - name: JAVA_OPTS
             value: "-Xms{{.Values.config.odl.javaOptions.minMemory}} -Xmx{{.Values.config.odl.javaOptions.maxMemory}}"
+          - name: LOG4J_FORMAT_MSG_NO_LOOKUPS
+            value: "true"
           - name: KARAF_CONSOLE_LOG_LEVEL
             value: "{{ include "common.log.level" . }}"
           - name: SDNRWT
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).