10 Jan
2022
10 Jan
'22
5:41 a.m.
On 2022-01-03 16:02:14 +0000 (+0000), Jeremy Stanley wrote: [...]
Is anyone aware of other, similar situations where OpenStack is commonly installed alongside Java software using Log4j in vulnerable ways?
It came to my attention a few moments ago that Kolla installs Elasticsearch[*]. Is there any particular guidance we should be giving Kolla users about mitigating the recent Log4j vulnerabilities in light of this? [*] https://docs.openstack.org/kolla-ansible/latest/reference/logging-and-monito... -- Jeremy Stanley