Skip to content

fix(kafka): Set LOG4J_FORMAT_MSG_NO_LOOKUPS env var in final image #661

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sbernauer merged 3 commits into from
May 13, 2024
Merged

fix(kafka): Set LOG4J_FORMAT_MSG_NO_LOOKUPS env var in final image #661

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
47705ce
fix(kafka): Set LOG4J_FORMAT_MSG_NO_LOOKUPS env var in final image
sbernauer May 8, 2024
acb3a7b
changelog
sbernauer May 8, 2024
5b384ba
Merge branch 'main' into fix/kafka-log4j
sbernauer May 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ All notable changes to this project will be documented in this file.
the Hadoop image. The required AWS JARs are copied from the Hadoop
image to the HBase image. The script `export-snapshot-to-s3` makes
exporting easier ([#621]).
- kafka: Build from source ([#659], [#661]).
- omid: Include Apache Omid in all workflows such as building and releasing images ([#635]).

### Changed
Expand Down Expand Up @@ -53,6 +54,8 @@ All notable changes to this project will be documented in this file.
[#626]: https://github.com/stackabletech/docker-images/pull/626
[#628]: https://github.com/stackabletech/docker-images/pull/628
[#635]: https://github.com/stackabletech/docker-images/pull/635
[#659]: https://github.com/stackabletech/docker-images/pull/659
[#661]: https://github.com/stackabletech/docker-images/pull/661
[#663]: https://github.com/stackabletech/docker-images/pull/663

## [24.3.0] - 2024-03-20
Expand Down
12 changes: 6 additions & 6 deletions kafka/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,12 +42,6 @@ RUN mkdir -p /stackable/jmx/ && \
chmod +x /stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar && \
ln -s /stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar /stackable/jmx/jmx_prometheus_javaagent.jar

# ===
# Mitigation for CVE-2021-44228 (Log4Shell)
# This variable is supported as of Log4j version 2.10 and
# disables the vulnerable feature
ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true

# For earlier versions this script removes the .class file that contains the
# vulnerable code.
# TODO: This can be restricted to target only versions which do not honor the environment
Expand Down Expand Up @@ -136,6 +130,12 @@ COPY --chown=stackable:stackable --from=kcat-builder /stackable/kcat-${KCAT}/kca
RUN ln -s /stackable/bin/kcat-${KCAT} /stackable/bin/kcat && \
ln -s /stackable/kafka_${SCALA}-${PRODUCT} /stackable/kafka

# ===
# Mitigation for CVE-2021-44228 (Log4Shell)
# This variable is supported as of Log4j version 2.10 and
# disables the vulnerable feature
ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true

ENV PATH="${PATH}:/stackable/bin:/stackable/kafka/bin"

WORKDIR /stackable/kafka
Expand Down