lhotari/Log4Shell-mitigation-Dockerfile-overlay

Patch existing docker images with ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true workaround for Log4Shell

NOTICE! THERE IS A NEWER Log4Shell issue, CVE-2021-45046 and this patch might not be sufficient!

See the Dockerfile.

The overlay adds an environment-variable-based workaround that disables the vulnerable feature in Log4J 2.10.0+. See https://twitter.com/brunoborges/status/1469462412679991300 about LOG4J_FORMAT_MSG_NO_LOOKUPS=true.

Building and pushing patched docker images

Example usage:

# build and tag image
docker build --build-arg=ORIGINAL_IMAGE=apachepulsar/pulsar:2.8.1 . -t myrepo/pulsar:2.8.1-log4j-patched
# verify that the environment contains LOG4J_FORMAT_MSG_NO_LOOKUPS=true (if your container contains sh)
docker run --rm -it myrepo/pulsar:2.8.1-log4j-patched sh -c printenv | grep LOG4J
# push image
docker push myrepo/pulsar:2.8.1-log4j-patched
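
An added example, not part of this repository: the verification step above needs `sh` inside the container, so this script reads the variable from the image configuration with `docker image inspect` instead, and lists each log4j-core jar against the 2.10.0 threshold stated above. The function names and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the repository); function names are illustrative.
VAR=LOG4J_FORMAT_MSG_NO_LOOKUPS

# stdin: KEY=VALUE lines from the image's Config.Env.
# Succeeds only when the variable is set to exactly "true".
env_has_no_lookups() {
    grep -qx "${VAR}=true"
}

# stdin: file paths (a tar listing of the image filesystem).
# Prints "<version> <ge-2.10.0|lt-2.10.0> <path>" per log4j-core jar; the
# env var workaround only applies to the ge-2.10.0 ones.
classify_log4j_jars() {
    grep -E 'log4j-core-[0-9]+\.[0-9]+[^/]*\.jar$' | while IFS= read -r path; do
        base=${path##*/}
        ver=${base##*log4j-core-}        # also handles group-prefixed jar names
        ver=${ver%.jar}
        major=${ver%%.*}
        rest=${ver#*.}
        minor=${rest%%.*}
        minor=${minor%%[!0-9]*}          # "0-beta9" -> "0"
        if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 10 ]; }; then
            status=ge-2.10.0
        else
            status=lt-2.10.0
        fi
        printf '%s %s %s\n' "$ver" "$status" "$path"
    done
}

# Needs the docker CLI; the image does not have to contain a shell.
audit_image() {
    image=$1
    docker image inspect --format '{{range .Config.Env}}{{println .}}{{end}}' "$image" \
        | env_has_no_lookups \
        || { echo "FAIL: ${VAR}=true is not set in $image" >&2; return 1; }
    echo "OK: ${VAR}=true is set in $image"
    cid=$(docker create "$image") || return 1
    docker export "$cid" | tar -tf - | classify_log4j_jars
    docker rm "$cid" >/dev/null
}

if [ "$#" -gt 0 ]; then
    audit_image "$1"
else
    # No image given: run the classifier on constructed sample paths.
    printf '%s\n' 'app/lib/org.apache.logging.log4j-log4j-core-2.14.0.jar' \
        'opt/old/log4j-core-2.8.2.jar' | classify_log4j_jars
fi
```

Jars that have been shaded into another archive or renamed are not found by a file-name match.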

About

Log4Shell mitigation by creating a new docker image with a thin overlay
