log4j vulnerability and your Archipelagos


dp...@metro.org

Dec 14, 2021, 3:53:42 PM
to archipelago commons
Good Afternoon,

If you have been reading social media and papers, and smoke signals, and basically listening to the wind lately, you might already know that a remote execution exploit was detected in a very popular Java library used for logging named log4j.

I won't go into details here on how that exploit works, but the gist is that it allows executing remote code and sending data to remote URLs by simply passing a custom string to any exposed search field/input/etc. of a Java application that uses this library.


The OSS team that developed this library has worked hard to fix this, and its latest version (released a few minutes ago) even totally disables this exploitable feature.

Archipelago uses this library in Solr and, again, the great maintainers of the Solr Docker containers (the official ones we use) have already updated the major release with a default JAVA Opts flag that basically does the same: it disables this feature.

Our team updated yesterday (somehow in silence, to avoid bad bad exploiters exploiting anything) all the Archipelagos we have access to (more than 20 ensembles, so way more than that) and contacted many of you. All went well; we checked that all repos were safe. And they are all safe!
 
If you are running Archipelago secretly, have some custom things running, etc. (nice!) and want to be sure you are also safe, please do the following.

- Check what version of Solr you are running. 1.0.0-RC3 ships with 8.8.2 by default (the major stable one). Any new install since Friday is safe by default, but previous deployments, even on the same version, need a small update. If you are running 8.7.0 (not a major release), it needs some text edits and 3 commands (no reindexing, complex machinery or such things).
- So: if running 8.8.2, do this in the folder where your docker-compose.yml lives:

docker-compose pull solr
docker-compose down
docker-compose up -d

- If running 8.7.0 or anything earlier, you can edit your docker-compose.yml file (again inside the folder where your docker-compose.yml lives), find the string "8.7.0" and replace it with "8.8.2". Note: use normal double quotes, not fancy ones. Save the file and run (different order!):
docker-compose down
docker-compose pull solr
docker-compose up -d

If you are unsure whether it worked, use this URL (thanks, David Schwartz!) to test: https://log4shell.huntress.com

Unsure? Need help? Please let us know and we will give you a hand.

Big hugs

Diego Pino
Metro.org
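
A read-only helper for the two update paths in the post above, as an added example that is not part of the original message or of Archipelago's tooling. It assumes Solr is declared with the official image as `image: solr:<tag>`; the function names are hypothetical and the compose fragment is constructed.

```shell
#!/bin/sh
# Added example: report which of the post's two command sequences applies to a
# docker-compose.yml. It only prints the steps; it never runs docker-compose.
# Assumption: Solr uses the official image, written as "image: solr:<tag>".

# Print the tag of the first "image: solr:<tag>" line (quotes stripped).
solr_tag() {
    tr -d "\"'" < "$1" |
        sed -n 's/^[[:space:]]*image:[[:space:]]*solr:\([^[:space:]]*\).*/\1/p' |
        head -n 1
}

# Succeed if dotted version $1 is lower than or equal to dotted version $2.
version_le() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Print the steps from the post for the Solr tag found in compose file $1.
update_plan() {
    tag=$(solr_tag "$1")
    ver=${tag%%-*}    # drop image variants such as "-slim"
    # Floating tags ("8", "latest") or a missing line cannot be classified.
    printf '%s' "$ver" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' ||
        { echo "no pinned solr:<x.y.z> tag found; check by hand"; return 0; }
    if [ "$ver" = "8.8.2" ]; then
        printf '%s\n' "docker-compose pull solr" "docker-compose down" \
            "docker-compose up -d"
    elif version_le "$ver" "8.7.0"; then
        printf '%s\n' "edit docker-compose.yml: \"$ver\" -> \"8.8.2\"" \
            "docker-compose down" "docker-compose pull solr" "docker-compose up -d"
    else
        echo "solr $ver is not covered by the post; check by hand"
    fi
}

# Run on the file given as $1, otherwise on a constructed compose fragment.
if [ -f "${1:-}" ]; then
    update_plan "$1"
else
    demo=$(mktemp)
    printf 'services:\n  solr:\n    image: "solr:8.7.0"\n' > "$demo"  # constructed
    update_plan "$demo"
    rm -f "$demo"
fi
```

Versions the post does not mention (anything between 8.7.0 and 8.8.2, or later than 8.8.2) are reported as not covered rather than guessed at.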