lhotari opened a new pull request #187:
URL: https://github.com/apache/pulsar-helm-chart/pull/187
### Motivation
- required for disabling the vulnerable feature in Pulsar Functions when
using the process runtime
### Additional context
- please notice that for mitigating the k8s runtime for Pulsar Functions,
it's necessary
to patch the used docker image, more information in
https://github.com/lhotari/pulsar-docker-images-patch-CVE-2021-44228
pulsarDockerImageName setting should point to the patched image
- https://twitter.com/brunoborges/status/1469462412679991300 contains
information about the LOG4J_FORMAT_MSG_NO_LOOKUPS=true workaround.
### Modifications
Add LOG4J_FORMAT_MSG_NO_LOOKUPS=true environment variable workaround to all
possible locations as an additional mitigation which also covers forked Java
processes.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
