Add Java system property setting to remediate day zero vulnerability,
pending more permanent fix (upgrade CCSDK/SDNC to log4j v2.15.0, and
upgrade to a version of OpenDaylight that has upgraded as well).
Issue-ID: CCSDK-3556
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: Id2a9e2743490daa23f3fa51f10a43beb91290e0b
value: "{{ .Values.config.configDir }}"
- name: SDNC_CONFIG_DIR
value: "{{ .Values.config.configDir }}"
+ - name: LOG4J_FORMAT_MSG_NO_LOOKUPS
+ value: "true"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
value: "{{ .Values.config.configDir }}"
- name: SDNC_CONFIG_DIR
value: "{{ .Values.config.configDir }}"
+ - name: LOG4J_FORMAT_MSG_NO_LOOKUPS
+ value: "true"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
value: "{{ .Values.config.javaHome}}"
- name: JAVA_OPTS
value: "-Xms{{.Values.config.odl.javaOptions.minMemory}} -Xmx{{.Values.config.odl.javaOptions.maxMemory}}"
+ - name: LOG4J_FORMAT_MSG_NO_LOOKUPS
+ value: "true"
- name: KARAF_CONSOLE_LOG_LEVEL
value: "{{ include "common.log.level" . }}"
- name: SDNRWT