[security-sig][kolla] Log4j vulnerabilities and OpenStack
Radosław Piliszek
radoslaw.piliszek at gmail.com
Mon Jan 10 14:44:41 UTC 2022
On Mon, 10 Jan 2022 at 14:58, Jeremy Stanley <fungi at yuggoth.org> wrote:
>
> On 2022-01-10 14:47:53 +0100 (+0100), Radosław Piliszek wrote:
> [...]
> > Yes, we have already patched the command line [1] so the guidance
> > is to make sure to run the latest and greatest. It would make
> > sense to broadcast this so that users know that log4j is in
> > Elasticsearch. In Kolla, ES is used either standalone or with
> > Monasca (and soon Venus).
> >
> > [1] https://review.opendev.org/c/openstack/kolla-ansible/+/821860
> [...]
>
> Is the presence/absence of Elasticsearch determined by configuration
> options, or is it always installed and run when Kolla is used?
Determined by configuration. It is not present by default - only if
installed on demand, by enabling central logging, Monasca or some
other dependent component.
-yoctozepto
> --
> Jeremy Stanley
More information about the openstack-discuss
mailing list