[security-sig][kolla] Log4j vulnerabilities and OpenStack

Jeremy Stanley fungi at yuggoth.org
Mon Jan 10 13:57:26 UTC 2022


On 2022-01-10 14:47:53 +0100 (+0100), Radosław Piliszek wrote:
[...]
> Yes, we have already patched the command line [1] so the guidance
> is to make sure to run the latest and greatest. It would make
> sense to broadcast this so that users know that log4j is in
> Elasticsearch. In Kolla, ES is used either standalone or with
> Monasca (and soon Venus).
> 
> [1] https://review.opendev.org/c/openstack/kolla-ansible/+/821860
[...]

Is the presence/absence of Elasticsearch determined by configuration
options, or is it always installed and run when Kolla is used?
-- 
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20220110/583fa954/attachment-0001.sig>


More information about the openstack-discuss mailing list