[security-sig][kolla] Log4j vulnerabilities and OpenStack

Jeremy Stanley fungi at yuggoth.org
Mon Jan 10 13:41:29 UTC 2022

On 2022-01-03 16:02:14 +0000 (+0000), Jeremy Stanley wrote:
> Is anyone aware of other, similar situations where OpenStack is
> commonly installed alongside Java software using Log4j in
> vulnerable ways?

It came to my attention a few moments ago that Kolla installs
Elasticsearch[*]. Is there any particular guidance we should be
giving Kolla users about mitigating the recent Log4j vulnerabilities
in light of this?

[*] https://docs.openstack.org/kolla-ansible/latest/reference/logging-and-monitoring/central-logging-guide.html

Jeremy Stanley