Jira (PUP-11377) CVE-2021-44228 - log4j


Harikrishna (Jira)

Dec 13, 2021, 10:55:01 AM
to puppe...@googlegroups.com
Harikrishna created an issue
 
Puppet / Bug PUP-11377
CVE-2021-44228 - log4j
Issue Type: Bug
Affects Versions: PUP 6.25.1
Assignee: Unassigned
Created: 2021/12/13 7:54 AM
Environment:

Production CICD

Labels: support
Priority: Critical
Reporter: Harikrishna

We see that puppetserver uses the Slf4jLogger mechanism for logging. With the ongoing log4j vulnerability, we noticed that Slf4jLogger might be dependent on log4j, hence we would like to understand the impact and remediation, if any.

We use the latest open source:

puppetserver: 6.17, puppetdb 6.19, puppet-agent 6.25

puppetserver.service - puppetserver Service
   Loaded: loaded (/lib/systemd/system/puppetserver.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2021-11-20 12:57:37 CET; 3 weeks 1 days ago
 Main PID: 2242 (java)
    Tasks: 141 (limit: 4915)
   CGroup: /system.slice/puppetserver.service
           └─2242 /usr/bin/java -Xms4g -Xmx4g -XX:ReservedCodeCacheSize=1G -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger -XX:OnOutOfMemoryError=kill -9 %p -XX:ErrorFile=/var/log/puppet

 


Josh Cooper (Jira)

Dec 13, 2021, 4:58:03 PM
to puppe...@googlegroups.com
Josh Cooper commented on Bug PUP-11377
 
Re: CVE-2021-44228 - log4j

Moving to SERVER project
