On 2022-01-03 16:02:14 +0000 (+0000), Jeremy Stanley wrote: [...] > Is anyone aware of other, similar situations where OpenStack is > commonly installed alongside Java software using Log4j in > vulnerable ways? It came to my attention a few moments ago that Kolla installs Elasticsearch[*]. Is there any particular guidance we should be giving Kolla users about mitigating the recent Log4j vulnerabilities in light of this? [*] https://docs.openstack.org/kolla-ansible/latest/reference/logging-and-monitoring/central-logging-guide.html -- Jeremy Stanley -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 963 bytes Desc: not available URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20220110/7743649b/attachment.sig>