On 1/6/22 10:40, Jeremy Stanley wrote:
On 2022-01-06 10:31:34 -0600 (-0600), Ben Nemec wrote: [...]
I don't know if this is common, but if you use Zookeeper for DLM I assume you'd be affected. It's a supported driver in Tooz so it's possible someone would be using it.
Thanks, that's a good point! I recall when we were investigating it with regard to Zuul (which relies on ZK for state coordination and persistence), the conclusion was that it isn't impacted by the recent vulnerabilities. I found this brief explanation, but maybe that's outdated information? https://issues.apache.org/jira/browse/ZOOKEEPER-4423
Ah, so zookeeper was one of the projects using a version of log4j so ancient it wasn't affected. :-) I was just thinking of Java stuff that might be running alongside OpenStack, I don't know anything that contradicts the issue you linked.