From d1d57a92aefd1d4b94655a34eb66741bcdee574f Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 15 Dec 2021 13:13:08 +1100 Subject: [PATCH 1/9] solr-7 images --- images/solr/7.Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/images/solr/7.Dockerfile b/images/solr/7.Dockerfile index b34c71617..7a41def31 100644 --- a/images/solr/7.Dockerfile +++ b/images/solr/7.Dockerfile @@ -29,8 +29,13 @@ USER root RUN apt-get -y update && apt-get -y install \ busybox \ curl \ + zip \ && rm -rf /var/lib/apt/lists/* +# Mitigation for CVE-2021-45046 +RUN zip -q -d /opt/solr/server/lib/ext/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ + && zip -q -d /opt/solr/contrib/prometheus-exporter/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class + RUN architecture=$(case $(uname -m) in x86_64 | amd64) echo "amd64" ;; aarch64 | arm64 | armv8) echo "arm64" ;; *) echo "amd64" ;; esac) \ && curl -sL https://github.com/krallin/tini/releases/download/v0.19.0/tini-${architecture} -o /sbin/tini && chmod a+x /sbin/tini From 9221f0ffa5978f5425d59653b19912a4f51000f8 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 15 Dec 2021 13:13:20 +1100 Subject: [PATCH 2/9] solr-8 images --- images/solr/8.Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/images/solr/8.Dockerfile b/images/solr/8.Dockerfile index 4b004af68..374c9e7b3 100755 --- a/images/solr/8.Dockerfile +++ b/images/solr/8.Dockerfile 
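Review bot: In `images/solr/7.Dockerfile` the new comment names the CVE but not what the `RUN` does or when it can be dropped, and the step leaves the jar under its original versioned file name while the untouched copy from the base image still sits in the lower layer. Runtime is mitigated, but scanners that key on the jar version will probably keep reporting these images, so the comment should record the mitigation, for example `# Mitigation for CVE-2021-45046: delete JndiLookup.class from the bundled log4j-core jars; remove this step once the base image ships a fixed log4j-core`. The same comment gap is in the `8.Dockerfile` and `7.7.Dockerfile` hunks of patches 2 and 3 and in the logstash and elasticsearch hunks that follow.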
@@ -31,8 +31,13 @@ USER root RUN apt-get -y update && apt-get -y install \ busybox \ curl \ + zip \ && rm -rf /var/lib/apt/lists/* +# Mitigation for CVE-2021-45046 +RUN zip -q -d /opt/solr-8.*/server/lib/ext/log4j-core-2.*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ + && zip -q -d /opt/solr-8.*/contrib/prometheus-exporter/lib/log4j-core-2.*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class + RUN architecture=$(case $(uname -m) in x86_64 | amd64) echo "amd64" ;; aarch64 | arm64 | armv8) echo "arm64" ;; *) echo "amd64" ;; esac) \ && curl -sL https://github.com/krallin/tini/releases/download/v0.19.0/tini-${architecture} -o /sbin/tini && chmod a+x /sbin/tini From 8b5d596e255bb79bbdb21ba43c74ac79088dd1a9 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 15 Dec 2021 13:21:05 +1100 Subject: [PATCH 3/9] solr-7.7 images --- images/solr/7.7.Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/images/solr/7.7.Dockerfile b/images/solr/7.7.Dockerfile index 7eac2a8bb..41533164c 100644 --- a/images/solr/7.7.Dockerfile +++ b/images/solr/7.7.Dockerfile @@ -33,6 +33,11 @@ RUN fix-permissions /var/solr \ && fix-permissions /opt/solr/server/logs \ && fix-permissions /opt/solr/server/solr +RUN apk add --no-cache zip + +# Mitigation for CVE-2021-45046 +RUN zip -q -d /opt/solr/server/lib/ext/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ + && zip -q -d /opt/solr/contrib/prometheus-exporter/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class # solr really doesn't like to be run as root, so we define the default user agin USER solr From f5ff4ff92a64012a9e24630cb1c08f62d38e6380 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 15 Dec 2021 13:42:52 +1100 Subject: [PATCH 4/9] logstash-6 image --- images/logstash/6.Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/images/logstash/6.Dockerfile b/images/logstash/6.Dockerfile index c129dc7e4..6b9003f0b 100644 
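Review bot: In `images/solr/7.7.Dockerfile`, `RUN apk add --no-cache zip` leaves `zip` installed in the runtime image although it is only needed for the one build step that follows. Installing it as a virtual package and removing it in the same `RUN` keeps the tool out of the final image: `RUN apk add --no-cache --virtual .log4j-fix zip && zip -q -d <jar> <class> && apk del .log4j-fix` (with `<jar>` and `<class>` standing for the paths already in the hunk, once per jar). The `yum -y install zip` lines in the logstash and elasticsearch hunks and the `zip` entry added to the apt package list in the solr 7 and 8 hunks have the same effect.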
--- a/images/logstash/6.Dockerfile +++ b/images/logstash/6.Dockerfile @@ -39,6 +39,11 @@ ENV TMPDIR=/tmp \ RUN fix-permissions /usr/share/logstash/data \ && fix-permissions /usr/share/logstash/config +RUN yum -y install zip && yum -y clean all && rm -rf /var/cache + +# Mitigation for CVE-2021-45046 +RUN zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class + ENV LS_JAVA_OPTS "-Xms400m -Xmx400m -Dlog4j2.formatMsgNoLookups=true" ENTRYPOINT ["/sbin/tini", "--", "/lagoon/entrypoints.bash", "/usr/local/bin/docker-entrypoint"] From 7cff30f6535f1a43744d08d73f880511d6a50d99 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 15 Dec 2021 13:43:02 +1100 Subject: [PATCH 5/9] logstash-7 image --- images/logstash/7.Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/images/logstash/7.Dockerfile b/images/logstash/7.Dockerfile index 05a75de09..55756fdef 100644 --- a/images/logstash/7.Dockerfile +++ b/images/logstash/7.Dockerfile @@ -37,6 +37,11 @@ ENV TMPDIR=/tmp \ RUN fix-permissions /usr/share/logstash/data \ && fix-permissions /usr/share/logstash/config +RUN yum -y install zip && yum -y clean all && rm -rf /var/cache + +# Mitigation for CVE-2021-45046 +RUN zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class + ENV LS_JAVA_OPTS "-Xms400m -Xmx400m -Dlog4j2.formatMsgNoLookups=true" ENTRYPOINT ["/sbin/tini", "--", "/lagoon/entrypoints.bash", "/usr/local/bin/docker-entrypoint"] From e2a71880a589981e782d433dbbcd1307a48d07fb Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 15 Dec 2021 14:39:17 +1100 Subject: [PATCH 6/9] elasticsearch-7 image --- images/elasticsearch/7.Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/images/elasticsearch/7.Dockerfile b/images/elasticsearch/7.Dockerfile index 4586ba594..9389a9600 100644 --- a/images/elasticsearch/7.Dockerfile +++ b/images/elasticsearch/7.Dockerfile 
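Review bot: In `images/logstash/6.Dockerfile` the new mitigation sits directly above `LS_JAVA_OPTS`, which already sets `-Dlog4j2.formatMsgNoLookups=true`, and the comment does not say why both are needed. Apache's advisory for CVE-2021-45046 states that this property does not mitigate that CVE, so removing `JndiLookup.class` is the control that matters here. A comment such as `# formatMsgNoLookups in LS_JAVA_OPTS is not sufficient for CVE-2021-45046, so JndiLookup.class is removed from the jar as well` would stop someone deleting the step as redundant. The `images/logstash/7.Dockerfile` hunk in patch 5 is identical in this respect.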
@@ -35,6 +35,11 @@ ENV TMPDIR=/tmp \ # When Bash is invoked as non-interactive (like `bash -c command`) it sources a file that is given in `BASH_ENV` BASH_ENV=/home/.bashrc +RUN yum -y install zip && yum -y clean all && rm -rf /var/cache + +# Mitigation for CVE-2021-45046 +RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class + RUN echo $'\n\ node.name: "${HOSTNAME}"\n\ node.master: "${NODE_MASTER}"\n\ From 181ff15e08b6921b1151a53a18b74a7479d8fe9e Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 15 Dec 2021 14:40:59 +1100 Subject: [PATCH 7/9] use exact log4j-core versions --- images/elasticsearch/7.Dockerfile | 2 +- images/logstash/6.Dockerfile | 2 +- images/logstash/7.Dockerfile | 2 +- images/solr/7.7.Dockerfile | 4 ++-- images/solr/7.Dockerfile | 4 ++-- images/solr/8.Dockerfile | 4 ++-- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/images/elasticsearch/7.Dockerfile b/images/elasticsearch/7.Dockerfile index 9389a9600..f99f97385 100644 --- a/images/elasticsearch/7.Dockerfile +++ b/images/elasticsearch/7.Dockerfile @@ -38,7 +38,7 @@ ENV TMPDIR=/tmp \ RUN yum -y install zip && yum -y clean all && rm -rf /var/cache # Mitigation for CVE-2021-45046 -RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class +RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-2.11.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class RUN echo $'\n\ node.name: "${HOSTNAME}"\n\ diff --git a/images/logstash/6.Dockerfile b/images/logstash/6.Dockerfile index 6b9003f0b..b4e1406e4 100644 --- a/images/logstash/6.Dockerfile +++ b/images/logstash/6.Dockerfile 
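Review bot: In `images/elasticsearch/7.Dockerfile` (patch 6), `rm -rf /var/cache` deletes the whole cache tree rather than just what yum left behind. `yum -y clean all` already empties the yum cache, so the narrower `&& rm -rf /var/cache/yum` does the intended cleanup without removing directories that other tools may expect to exist. The same line is added in the logstash 6 and 7 hunks of patches 4 and 5 and in the elasticsearch 6 hunk of patch 8.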
@@ -42,7 +42,7 @@ RUN fix-permissions /usr/share/logstash/data \ RUN yum -y install zip && yum -y clean all && rm -rf /var/cache # Mitigation for CVE-2021-45046 -RUN zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class +RUN zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.15.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ENV LS_JAVA_OPTS "-Xms400m -Xmx400m -Dlog4j2.formatMsgNoLookups=true" diff --git a/images/logstash/7.Dockerfile b/images/logstash/7.Dockerfile index 55756fdef..adc3a3004 100644 --- a/images/logstash/7.Dockerfile +++ b/images/logstash/7.Dockerfile @@ -40,7 +40,7 @@ RUN fix-permissions /usr/share/logstash/data \ RUN yum -y install zip && yum -y clean all && rm -rf /var/cache # Mitigation for CVE-2021-45046 -RUN zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class +RUN zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.12.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ENV LS_JAVA_OPTS "-Xms400m -Xmx400m -Dlog4j2.formatMsgNoLookups=true" diff --git a/images/solr/7.7.Dockerfile b/images/solr/7.7.Dockerfile index 41533164c..3ff0f3ce4 100644 --- a/images/solr/7.7.Dockerfile +++ b/images/solr/7.7.Dockerfile 
@@ -36,8 +36,8 @@ RUN fix-permissions /var/solr \ RUN apk add --no-cache zip # Mitigation for CVE-2021-45046 -RUN zip -q -d /opt/solr/server/lib/ext/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ - && zip -q -d /opt/solr/contrib/prometheus-exporter/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class +RUN zip -q -d /opt/solr/server/lib/ext/log4j-core-2.11.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ + && zip -q -d /opt/solr/contrib/prometheus-exporter/lib/log4j-core-2.11.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class # solr really doesn't like to be run as root, so we define the default user agin USER solr diff --git a/images/solr/7.Dockerfile b/images/solr/7.Dockerfile index 7a41def31..1722dafc8 100644 --- a/images/solr/7.Dockerfile +++ b/images/solr/7.Dockerfile @@ -33,8 +33,8 @@ RUN apt-get -y update && apt-get -y install \ && rm -rf /var/lib/apt/lists/* # Mitigation for CVE-2021-45046 -RUN zip -q -d /opt/solr/server/lib/ext/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ - && zip -q -d /opt/solr/contrib/prometheus-exporter/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class +RUN zip -q -d /opt/solr/server/lib/ext/log4j-core-2.11.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ + && zip -q -d /opt/solr/contrib/prometheus-exporter/lib/log4j-core-2.11.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class RUN architecture=$(case $(uname -m) in x86_64 | amd64) echo "amd64" ;; aarch64 | arm64 | armv8) echo "arm64" ;; *) echo "amd64" ;; esac) \ && curl -sL https://github.com/krallin/tini/releases/download/v0.19.0/tini-${architecture} -o /sbin/tini && chmod a+x /sbin/tini diff --git a/images/solr/8.Dockerfile b/images/solr/8.Dockerfile index 374c9e7b3..ff942acdd 100755 --- a/images/solr/8.Dockerfile +++ b/images/solr/8.Dockerfile 
@@ -35,8 +35,8 @@ RUN apt-get -y update && apt-get -y install \ && rm -rf /var/lib/apt/lists/* # Mitigation for CVE-2021-45046 -RUN zip -q -d /opt/solr-8.*/server/lib/ext/log4j-core-2.*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ - && zip -q -d /opt/solr-8.*/contrib/prometheus-exporter/lib/log4j-core-2.*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class +RUN zip -q -d /opt/solr-8.10.1/server/lib/ext/log4j-core-2.14.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ + && zip -q -d /opt/solr-8.10.1/contrib/prometheus-exporter/lib/log4j-core-2.14.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class RUN architecture=$(case $(uname -m) in x86_64 | amd64) echo "amd64" ;; aarch64 | arm64 | armv8) echo "arm64" ;; *) echo "amd64" ;; esac) \ && curl -sL https://github.com/krallin/tini/releases/download/v0.19.0/tini-${architecture} -o /sbin/tini && chmod a+x /sbin/tini From eb43fe05660153ffbaed1560e69c99f1afd750ac Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Thu, 16 Dec 2021 09:20:44 +1100 Subject: [PATCH 8/9] sanitise additional jar files with log4j-core --- images/elasticsearch/6.Dockerfile | 7 +++++++ images/elasticsearch/7.Dockerfile | 3 ++- images/logstash/6.Dockerfile | 3 ++- images/logstash/7.Dockerfile | 3 ++- 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/images/elasticsearch/6.Dockerfile b/images/elasticsearch/6.Dockerfile index 7979663aa..554c621fb 100644 --- a/images/elasticsearch/6.Dockerfile +++ b/images/elasticsearch/6.Dockerfile 
@@ -35,6 +35,13 @@ ENV TMPDIR=/tmp \ # When Bash is invoked as non-interactive (like `bash -c command`) it sources a file that is given in `BASH_ENV` BASH_ENV=/home/.bashrc +RUN yum -y install zip && yum -y clean all && rm -rf /var/cache + +# Mitigation for CVE-2021-45046 (already removed from first jar file) +# RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-2.11.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class +RUN zip -q -d /usr/share/elasticsearch/bin/elasticsearch-sql-cli-6.8.21.jar org/apache/logging/log4j/core/lookup/JndiLookup.class + + RUN sed -i 's/discovery.zen.minimum_master_nodes: 1//' config/elasticsearch.yml RUN echo $'xpack.security.enabled: false\n\ diff --git a/images/elasticsearch/7.Dockerfile b/images/elasticsearch/7.Dockerfile index f99f97385..b25f4a5e6 100644 --- a/images/elasticsearch/7.Dockerfile +++ b/images/elasticsearch/7.Dockerfile @@ -38,7 +38,8 @@ ENV TMPDIR=/tmp \ RUN yum -y install zip && yum -y clean all && rm -rf /var/cache # Mitigation for CVE-2021-45046 -RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-2.11.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class +RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-2.11.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ + && zip -q -d /usr/share/elasticsearch/bin/elasticsearch-sql-cli-7.8.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class RUN echo $'\n\ node.name: "${HOSTNAME}"\n\ diff --git a/images/logstash/6.Dockerfile b/images/logstash/6.Dockerfile index b4e1406e4..eb4e8dbeb 100644 --- a/images/logstash/6.Dockerfile +++ b/images/logstash/6.Dockerfile 
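Review bot: In `images/elasticsearch/6.Dockerfile` the commented-out `# RUN zip -q -d ...log4j-core-2.11.1.jar ...` line is dead code, and the claim beside it, "already removed from first jar file", is not checked anywhere in the build. If that means the base image already ships `log4j-core-2.11.1.jar` without the class, say so in plain words and drop the disabled command, e.g. `# log4j-core-2.11.1.jar in this base image already lacks JndiLookup.class; only the sql-cli jar still needs it removed`. A build-time assertion that the class is absent from that jar would turn the assumption into something a base-image change cannot silently break.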
@@ -42,7 +42,8 @@ RUN fix-permissions /usr/share/logstash/data \ RUN yum -y install zip && yum -y clean all && rm -rf /var/cache # Mitigation for CVE-2021-45046 -RUN zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.15.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class +RUN zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.15.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ + && zip -q -d /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-tcp-5.2.3-java/vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/5.2.3/logstash-input-tcp-5.2.3.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ENV LS_JAVA_OPTS "-Xms400m -Xmx400m -Dlog4j2.formatMsgNoLookups=true" diff --git a/images/logstash/7.Dockerfile b/images/logstash/7.Dockerfile index adc3a3004..1281ca9ba 100644 --- a/images/logstash/7.Dockerfile +++ b/images/logstash/7.Dockerfile @@ -40,7 +40,8 @@ RUN fix-permissions /usr/share/logstash/data \ RUN yum -y install zip && yum -y clean all && rm -rf /var/cache # Mitigation for CVE-2021-45046 -RUN zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.12.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class +RUN zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.12.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ + && zip -q -d /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-tcp-6.0.6-java/vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.0.6/logstash-input-tcp-6.0.6.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ENV LS_JAVA_OPTS "-Xms400m -Xmx400m -Dlog4j2.formatMsgNoLookups=true" From 9d6cb96155bf5bb95698ec324613a9680c4e926f Mon Sep 17 00:00:00 2001 
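Review bot: In `images/logstash/6.Dockerfile` the list of jars to sanitise is maintained by hand, down to the plugin version in the `logstash-input-tcp-5.2.3` path, and nothing verifies that no other jar in the image still carries `JndiLookup.class`. A renamed jar should fail the build, which is the safe direction, but a newly bundled copy elsewhere would pass unnoticed. I would at least add `# Re-scan every jar in the image for JndiLookup.class whenever the base image or plugin versions change` above the `RUN`, and preferably end the build with a step that fails if any jar under `/usr/share/logstash` still contains the class. The same holds for the `logstash/7.Dockerfile` hunk and the `elasticsearch/7.Dockerfile` hunk in this patch.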
From: Toby Bellwood Date: Thu, 16 Dec 2021 10:00:44 +1100 Subject: [PATCH 9/9] update message for other CVE --- images/elasticsearch/6.Dockerfile | 2 +- images/elasticsearch/7.Dockerfile | 2 +- images/logstash/6.Dockerfile | 2 +- images/logstash/7.Dockerfile | 2 +- images/solr/7.7.Dockerfile | 2 +- images/solr/7.Dockerfile | 2 +- images/solr/8.Dockerfile | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/images/elasticsearch/6.Dockerfile b/images/elasticsearch/6.Dockerfile index 554c621fb..d771320f9 100644 --- a/images/elasticsearch/6.Dockerfile +++ b/images/elasticsearch/6.Dockerfile @@ -37,7 +37,7 @@ ENV TMPDIR=/tmp \ RUN yum -y install zip && yum -y clean all && rm -rf /var/cache -# Mitigation for CVE-2021-45046 (already removed from first jar file) +# Mitigation for CVE-2021-45046 and CVE-2021-44228 (already removed from first jar file) # RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-2.11.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class RUN zip -q -d /usr/share/elasticsearch/bin/elasticsearch-sql-cli-6.8.21.jar org/apache/logging/log4j/core/lookup/JndiLookup.class diff --git a/images/elasticsearch/7.Dockerfile b/images/elasticsearch/7.Dockerfile index b25f4a5e6..394a241ae 100644 --- a/images/elasticsearch/7.Dockerfile +++ b/images/elasticsearch/7.Dockerfile @@ -37,7 +37,7 @@ ENV TMPDIR=/tmp \ RUN yum -y install zip && yum -y clean all && rm -rf /var/cache -# Mitigation for CVE-2021-45046 +# Mitigation for CVE-2021-45046 and CVE-2021-44228 RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-2.11.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ && zip -q -d /usr/share/elasticsearch/bin/elasticsearch-sql-cli-7.8.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class diff --git a/images/logstash/6.Dockerfile b/images/logstash/6.Dockerfile index eb4e8dbeb..87488ed6f 100644 --- a/images/logstash/6.Dockerfile +++ b/images/logstash/6.Dockerfile 
@@ -41,7 +41,7 @@ RUN fix-permissions /usr/share/logstash/data \ RUN yum -y install zip && yum -y clean all && rm -rf /var/cache -# Mitigation for CVE-2021-45046 +# Mitigation for CVE-2021-45046 and CVE-2021-44228 RUN zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.15.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ && zip -q -d /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-tcp-5.2.3-java/vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/5.2.3/logstash-input-tcp-5.2.3.jar org/apache/logging/log4j/core/lookup/JndiLookup.class diff --git a/images/logstash/7.Dockerfile b/images/logstash/7.Dockerfile index 1281ca9ba..8b143cf88 100644 --- a/images/logstash/7.Dockerfile +++ b/images/logstash/7.Dockerfile @@ -39,7 +39,7 @@ RUN fix-permissions /usr/share/logstash/data \ RUN yum -y install zip && yum -y clean all && rm -rf /var/cache -# Mitigation for CVE-2021-45046 +# Mitigation for CVE-2021-45046 and CVE-2021-44228 RUN zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.12.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ && zip -q -d /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-tcp-6.0.6-java/vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.0.6/logstash-input-tcp-6.0.6.jar org/apache/logging/log4j/core/lookup/JndiLookup.class diff --git a/images/solr/7.7.Dockerfile b/images/solr/7.7.Dockerfile index 3ff0f3ce4..5a30d74ed 100644 --- a/images/solr/7.7.Dockerfile +++ b/images/solr/7.7.Dockerfile @@ -35,7 +35,7 @@ RUN fix-permissions /var/solr \ RUN apk add --no-cache zip -# Mitigation for CVE-2021-45046 +# Mitigation for CVE-2021-45046 and CVE-2021-44228 RUN zip -q -d /opt/solr/server/lib/ext/log4j-core-2.11.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ && zip -q -d /opt/solr/contrib/prometheus-exporter/lib/log4j-core-2.11.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class 
diff --git a/images/solr/7.Dockerfile b/images/solr/7.Dockerfile index 1722dafc8..96cba51bf 100644 --- a/images/solr/7.Dockerfile +++ b/images/solr/7.Dockerfile @@ -32,7 +32,7 @@ RUN apt-get -y update && apt-get -y install \ zip \ && rm -rf /var/lib/apt/lists/* -# Mitigation for CVE-2021-45046 +# Mitigation for CVE-2021-45046 and CVE-2021-44228 RUN zip -q -d /opt/solr/server/lib/ext/log4j-core-2.11.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ && zip -q -d /opt/solr/contrib/prometheus-exporter/lib/log4j-core-2.11.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class diff --git a/images/solr/8.Dockerfile b/images/solr/8.Dockerfile index ff942acdd..8deb93766 100755 --- a/images/solr/8.Dockerfile +++ b/images/solr/8.Dockerfile @@ -34,7 +34,7 @@ RUN apt-get -y update && apt-get -y install \ zip \ && rm -rf /var/lib/apt/lists/* -# Mitigation for CVE-2021-45046 +# Mitigation for CVE-2021-45046 and CVE-2021-44228 RUN zip -q -d /opt/solr-8.10.1/server/lib/ext/log4j-core-2.14.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \ && zip -q -d /opt/solr-8.10.1/contrib/prometheus-exporter/lib/log4j-core-2.14.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class