Uploaded image for project: 'FOLIO'
  1. FOLIO
  2. FOLIO-3363

Update reference deployments in light of log4j remote execution CVE-2021-44228

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • TBD
    • Resolution: Done
    • None
    • None
    • DevOps Sprint 129, DevOps Sprint 130, DevOps Sprint 131, DevOps sprint 132
    • FOLIO DevOps

    Description

      A zero-day remote code execution exploit has been reporting affecting log4j2, used widely in FOLIO modules and Okapi.

      References:
      https://nvd.nist.gov/vuln/detail/CVE-2021-44228
      https://www.lunasec.io/docs/blog/log4j-zero-day/

      Reference deployments will need to be updated to mitigate the risk of DOS (other risks are not so large in these ephemeral systems).

      TestRail: Results

        Attachments

          Issue Links

            relates to

            Umbrella - FOLIO-3364 Update everything to log4j >= 2.16.0 fixing remote execution (CVE-2021-44228)

            • TBD - To be determined
            • Closed

            Activity

              People

                wayne Wayne Schneider
                wayne Wayne Schneider
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases