This is an automated email from the ASF dual-hosted git repository. mmerli pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push: new e04b3af Provide guide on fixing log4j cve without upgrading the chart (#13274) e04b3af is described below commit e04b3af3da47a1f5cbd2844f5ec8a33ac1adf525 Author: Sijie Guo <si...@apache.org> AuthorDate: Mon Dec 13 15:09:19 2021 -0800 Provide guide on fixing log4j cve without upgrading the chart (#13274) --- site2/website/blog/2021-12-11-Log4j-CVE.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site2/website/blog/2021-12-11-Log4j-CVE.md b/site2/website/blog/2021-12-11-Log4j-CVE.md index b345a68..91d6ec4 100644 --- a/site2/website/blog/2021-12-11-Log4j-CVE.md +++ b/site2/website/blog/2021-12-11-Log4j-CVE.md @@ -24,8 +24,8 @@ Additionally, when running Pulsar Functions with Kubernetes runtime, you should your Docker images, following the example described [here](https://github.com/lhotari/pulsar-docker-images-patch-CVE-2021-44228). If you are using the Pulsar Helm Chart for deploying in Kubernetes, a [new -version of the chart](https://github.com/apache/pulsar-helm-chart/releases/tag/pulsar-2.7.6) is already available and it applies the above mentioned -workaround. +version of the chart](https://github.com/apache/pulsar-helm-chart/releases/tag/pulsar-2.7.6) is already available and it applies the above mentioned workaround. +If upgrading is not an option, you may also mitigate by adding `-Dlog4j2.formatMsgNoLookups=true` to the `PUSLAR_EXTRA_OPTS` in the `configData` section for proxy, broker, bookkeeper, zookeeper, auto-recovery, and relative components in the helm values file. We are already preparing new patch releases, 2.7.4, 2.8.2 and 2.9.1. These releases will be ready in the next few days and will bundle the Log4j2 2.15.0,
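Review bot: The added `+If upgrading is not an option...` line spells the variable `PUSLAR_EXTRA_OPTS`, which looks like a transposition of `PULSAR_EXTRA_OPTS`. A reader who pastes it into `configData` as written would likely set a variable the components do not read, so `-Dlog4j2.formatMsgNoLookups=true` would silently never reach the JVM and the deployment would stay exposed while appearing mitigated. Suggest correcting the spelling and changing "relative components" to "related components". A short values-file snippet for one component (for example broker) would also make the placement under `configData` unambiguous. It would help to state whether the flag should be appended to any options already set there rather than replacing them.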