Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

log4j 2nd update #661

Merged
merged 1 commit into from
Dec 14, 2021
Merged

log4j 2nd update #661

merged 1 commit into from
Dec 14, 2021

Conversation

mandarjog
Copy link
Contributor

@mandarjog mandarjog commented Dec 14, 2021
edited

Fix missed in the previous update.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046

Not included in v0.3.3

@mandarjog mandarjog requested a review from a team as a code owner December 14, 2021 19:10
@NimJay
Copy link
Collaborator

NimJay commented Dec 14, 2021
edited

Thanks for creating this PR, @mandarjog!
That was fast! ⚡

We will work on reviewing this immediately.
But we will not be creating a new release of microservices-demo immediately.
Reason:

  • According to the link you shared, "Log4j 2.15.0 was incomplete in certain non-default configurations".
  • But we're using default Log4j configurations for this app.

NimJay
NimJay approved these changes Dec 14, 2021
View reviewed changes
Copy link
Collaborator

@NimJay NimJay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The deployment-tests (local-code) job is currently failing because our GitHub Action runners are not able to create publicly accessible GKE Ingresses. We're working on fixing this.
In the meantime, I've tested deployment of changes from this pull-request in my own GKE cluster.
I did a quick smoke test. Everything works. :)
Approved!

Thanks again, @mandarjog! 👏

@NimJay NimJay merged commit 5e86b86 into GoogleCloudPlatform:master Dec 14, 2021
sitaramkm pushed a commit to sitaramkm/microservices-demo that referenced this pull request Mar 27, 2022
@mandarjog @sitaramkm
log4j 2nd update (GoogleCloudPlatform#661)
3ecccf6 
Fixed missed in the previous update.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
@NimJay NimJay mentioned this pull request Apr 6, 2022
Closed
D-Mwanth pushed a commit to D-Mwanth/microservices-demo that referenced this pull request Mar 6, 2024
@mandarjog
log4j 2nd update (GoogleCloudPlatform#661)
54353a4 
Fixed missed in the previous update.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NimJay NimJay NimJay approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mandarjog @NimJay