this implements the fix for CVE-2021-44228
in a bosh release so that bosh ressurector does not need to be turned off. the fix was taken from here
install on your tkgi bosh director, sit back and watch.
- Open a shell prompt on a BOSH CLI with access to your PKS bosh director, such as Ops Manager.
- Export your BOSH credentials to the enviornment. These can be accessed via the Ops Manager GUI -> BOSH Director Tile -> Credentials Tab -> Bosh Commandline Credentials.
e.g.
export BOSH_CLIENT=ops_manager BOSH_CLIENT_SECRET=fakesecret BOSH_CA_CERT=/var/tempest/workspaces/default/root_ca_certificate BOSH_ENVIRONMENT=10.0.0.10
- Copy or clone this repository onto this BOSH CLI workstation and create+upload the BOSH release to the director
git clone https://github.com/warroyo/tkgi-log4shell-release && cd tkgi-log4shell-release
bosh create-release --force
bosh upload-release ./dev_releases/tkgi-log4shell/tkgi-log4shell-0+dev.1.yml
- Configure the addon from this repo
bosh -n update-config --name=tkgi-log4shell --type=runtime ./addon.yml
- login to opsman and run and apply