Mitigating log4j vulnerability in linkerd1 #2439
Thanks for your help improving the project!
Getting Help
GitHub issues are for bug reports and feature requests. For questions about
Linkerd, how to use it, or debugging assistance, start by
asking a question in the forums or join us on
Slack.
Full details at CONTRIBUTING.md.
Filing a Linkerd issue
Issue Type:
What happened:
linkerd1 uses log4j, and it is conceivable that an attacker can use the JNDI vulnerability by putting malicious classloader directives in headers, and the headers can show up in logs. We need guidance on how to mitigate this vulnerability.
Thanks!
What you expected to happen:
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Environment:
linkerd 1.7.3