[security-sig] Log4j vulnerabilities and OpenStack

Jeremy Stanley fungi at yuggoth.org
Thu Jan 6 16:40:20 UTC 2022

On 2022-01-06 10:31:34 -0600 (-0600), Ben Nemec wrote:
> I don't know if this is common, but if you use Zookeeper for DLM I
> assume you'd be affected. It's a supported driver in Tooz so it's
> possible someone would be using it.

Thanks, that's a good point! I recall when we were investigating it
with regard to Zuul (which relies on ZK for state coordination and
persistence), the conclusion was that it isn't impacted by the
recent vulnerabilities. I found this brief explanation, but maybe
that's outdated information?
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20220106/df348305/attachment.sig>

More information about the openstack-discuss mailing list