Merge pull request #371 from uselagoon/renovate/main-patch-elk-stack
tobybellwood authored Dec 19, 2021
2 parents 5046347 + 99b437a commit 59bcd17
Showing 3 changed files with 9 additions and 9 deletions.
8 changes: 4 additions & 4 deletions images/elasticsearch/6.Dockerfile
@@ -1,7 +1,7 @@
ARG IMAGE_REPO
FROM ${IMAGE_REPO:-lagoon}/commons as commons
# Defining Versions - https://www.elastic.co/guide/en/elasticsearch/reference/6.8/docker.html
FROM --platform=linux/amd64 docker.elastic.co/elasticsearch/elasticsearch:6.8.21
FROM --platform=linux/amd64 docker.elastic.co/elasticsearch/elasticsearch:6.8.22

LABEL org.opencontainers.image.authors="The Lagoon Authors" maintainer="The Lagoon Authors"
LABEL org.opencontainers.image.source="https://github.com/uselagoon/lagoon-images" repository="https://github.com/uselagoon/lagoon-images"
@@ -37,9 +37,9 @@ ENV TMPDIR=/tmp \

RUN yum -y install zip && yum -y clean all && rm -rf /var/cache

# Mitigation for CVE-2021-45046 and CVE-2021-44228 (already removed from first jar file)
# RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-2.11.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
RUN zip -q -d /usr/share/elasticsearch/bin/elasticsearch-sql-cli-6.8.21.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
# Mitigation for CVE-2021-45046 and CVE-2021-44228 - not needed in log4j-core 2.17.0
# RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-2.11.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \
# && zip -q -d /usr/share/elasticsearch/bin/elasticsearch-sql-cli-6.8.21.jar org/apache/logging/log4j/core/lookup/JndiLookup.class


RUN sed -i 's/discovery.zen.minimum_master_nodes: 1//' config/elasticsearch.yml
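Review bot: The new comment justifies dropping the JndiLookup removal by the log4j-core version, but one of the two jars the old step edited was `elasticsearch-sql-cli-6.8.21.jar`, which is not log4j-core and apparently carried its own copy of the class. Nothing visible in this section checks that the 6.8.22 image ships log4j-core 2.17.0 or that the SQL CLI jar was rebuilt against it; the same applies to `logstash-input-tcp-5.2.3.jar` in images/logstash/6.Dockerfile. I would state the evidence in the comment, for example `# 6.8.22 ships log4j-core 2.17.0 in lib/ and in the bundled sql-cli jar (verified <how/when>)`, or add a build step that fails when an older log4j-core jar is found under /usr/share/elasticsearch. The file continues outside the shown hunks.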
2 changes: 1 addition & 1 deletion images/kibana/6.Dockerfile
@@ -1,6 +1,6 @@
ARG IMAGE_REPO
FROM ${IMAGE_REPO:-lagoon}/commons as commons
FROM --platform=linux/amd64 docker.elastic.co/kibana/kibana:6.8.21
FROM --platform=linux/amd64 docker.elastic.co/kibana/kibana:6.8.22

LABEL org.opencontainers.image.authors="The Lagoon Authors" maintainer="The Lagoon Authors"
LABEL org.opencontainers.image.source="https://github.com/uselagoon/lagoon-images" repository="https://github.com/uselagoon/lagoon-images"
8 changes: 4 additions & 4 deletions images/logstash/6.Dockerfile
@@ -2,7 +2,7 @@

ARG IMAGE_REPO
FROM ${IMAGE_REPO:-lagoon}/commons as commons
FROM --platform=linux/amd64 docker.elastic.co/logstash/logstash:6.8.21
FROM --platform=linux/amd64 docker.elastic.co/logstash/logstash:6.8.22

LABEL org.opencontainers.image.authors="The Lagoon Authors" maintainer="The Lagoon Authors"
LABEL org.opencontainers.image.source="https://github.com/uselagoon/lagoon-images" repository="https://github.com/uselagoon/lagoon-images"
@@ -41,9 +41,9 @@ RUN fix-permissions /usr/share/logstash/data \

RUN yum -y install zip && yum -y clean all && rm -rf /var/cache

# Mitigation for CVE-2021-45046 and CVE-2021-44228
RUN zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.15.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \
&& zip -q -d /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-tcp-5.2.3-java/vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/5.2.3/logstash-input-tcp-5.2.3.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
# Mitigation for CVE-2021-45046 and CVE-2021-44228 - not needed in log4j-core 2.17.0
# RUN zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.15.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \
# && zip -q -d /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-tcp-5.2.3-java/vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/5.2.3/logstash-input-tcp-5.2.3.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

ENV LS_JAVA_OPTS "-Xms400m -Xmx400m -Dlog4j2.formatMsgNoLookups=true"
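Review bot: The mitigation is left behind as commented-out `RUN` lines that name jars from the previous release (`log4j-core-2.15.0.jar` here, and `log4j-core-2.11.1.jar` and `elasticsearch-sql-cli-6.8.21.jar` in images/elasticsearch/6.Dockerfile), so they cannot be re-enabled as written and will mislead later readers. I would delete them and keep a single line such as `# CVE-2021-44228 / CVE-2021-45046: JndiLookup removal dropped with the 6.8.22 base image, see git history`. The `yum -y install zip` step just above looks like it existed only for that removal; if nothing outside the shown hunks uses zip, drop it from both files so the package does not stay in the image.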

