diff --git a/images/elasticsearch/6.Dockerfile b/images/elasticsearch/6.Dockerfile
index d771320f9..b782054b9 100644
--- a/images/elasticsearch/6.Dockerfile
+++ b/images/elasticsearch/6.Dockerfile
@@ -1,7 +1,7 @@
 ARG IMAGE_REPO
 FROM ${IMAGE_REPO:-lagoon}/commons as commons
 # Defining Versions - https://www.elastic.co/guide/en/elasticsearch/reference/6.8/docker.html
-FROM --platform=linux/amd64 docker.elastic.co/elasticsearch/elasticsearch:6.8.21
+FROM --platform=linux/amd64 docker.elastic.co/elasticsearch/elasticsearch:6.8.22
 LABEL org.opencontainers.image.authors="The Lagoon Authors" maintainer="The Lagoon Authors"
 LABEL org.opencontainers.image.source="https://github.com/uselagoon/lagoon-images" repository="https://github.com/uselagoon/lagoon-images"
@@ -37,9 +37,9 @@ ENV TMPDIR=/tmp \
 RUN yum -y install zip && yum -y clean all && rm -rf /var/cache
-# Mitigation for CVE-2021-45046 and CVE-2021-44228 (already removed from first jar file)
-# RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-2.11.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
-RUN zip -q -d /usr/share/elasticsearch/bin/elasticsearch-sql-cli-6.8.21.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
+# Mitigation for CVE-2021-45046 and CVE-2021-44228 - not needed in log4j-core 2.17.0
+# RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-2.11.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \
+# && zip -q -d /usr/share/elasticsearch/bin/elasticsearch-sql-cli-6.8.21.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
 RUN sed -i 's/discovery.zen.minimum_master_nodes: 1//' config/elasticsearch.yml
diff --git a/images/kibana/6.Dockerfile b/images/kibana/6.Dockerfile
index 32eee4b93..fc8fa649d 100644
--- a/images/kibana/6.Dockerfile
+++ b/images/kibana/6.Dockerfile
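Review bot: The new comment in the `-37,9` hunk drops the JndiLookup removal on the strength of "not needed in log4j-core 2.17.0", but nothing in the build confirms that the 6.8.22 base image ships that version, and the removed command patched `elasticsearch-sql-cli-6.8.21.jar`, which carried its own copy of the class separately from `lib/log4j-core-*.jar`. Since the `FROM` tag is not digest-pinned, I would make the assumption explicit with a build-time assertion, e.g. `RUN test -e /usr/share/elasticsearch/lib/log4j-core-2.17.0.jar` (file name inferred from the old path; confirm against the image), and state in the comment which jars were checked. The same applies to the logstash `-41,9` hunk. With the `zip -d` call commented out, `RUN yum -y install zip ...` just above looks unused in the visible lines and could be dropped if nothing outside the hunk needs it.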
@@ -1,6 +1,6 @@
 ARG IMAGE_REPO
 FROM ${IMAGE_REPO:-lagoon}/commons as commons
-FROM --platform=linux/amd64 docker.elastic.co/kibana/kibana:6.8.21
+FROM --platform=linux/amd64 docker.elastic.co/kibana/kibana:6.8.22
 LABEL org.opencontainers.image.authors="The Lagoon Authors" maintainer="The Lagoon Authors"
 LABEL org.opencontainers.image.source="https://github.com/uselagoon/lagoon-images" repository="https://github.com/uselagoon/lagoon-images"
diff --git a/images/logstash/6.Dockerfile b/images/logstash/6.Dockerfile
index 87488ed6f..ee2b5f17c 100644
--- a/images/logstash/6.Dockerfile
+++ b/images/logstash/6.Dockerfile
@@ -2,7 +2,7 @@ ARG IMAGE_REPO
 FROM ${IMAGE_REPO:-lagoon}/commons as commons
-FROM --platform=linux/amd64 docker.elastic.co/logstash/logstash:6.8.21
+FROM --platform=linux/amd64 docker.elastic.co/logstash/logstash:6.8.22
 LABEL org.opencontainers.image.authors="The Lagoon Authors" maintainer="The Lagoon Authors"
 LABEL org.opencontainers.image.source="https://github.com/uselagoon/lagoon-images" repository="https://github.com/uselagoon/lagoon-images"
@@ -41,9 +41,9 @@ RUN fix-permissions /usr/share/logstash/data \
 RUN yum -y install zip && yum -y clean all && rm -rf /var/cache
-# Mitigation for CVE-2021-45046 and CVE-2021-44228
-RUN zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.15.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \
- && zip -q -d /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-tcp-5.2.3-java/vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/5.2.3/logstash-input-tcp-5.2.3.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
+# Mitigation for CVE-2021-45046 and CVE-2021-44228 - not needed in log4j-core 2.17.0
+# RUN zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.15.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \
+# && zip -q -d /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-tcp-5.2.3-java/vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/5.2.3/logstash-input-tcp-5.2.3.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
 ENV LS_JAVA_OPTS "-Xms400m -Xmx400m -Dlog4j2.formatMsgNoLookups=true"
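Review bot: The second commented-out command in this hunk targeted the copy of `JndiLookup.class` bundled inside `logstash-input-tcp-5.2.3.jar`, a plugin jar separate from logstash-core's log4j-core jar, so "not needed in log4j-core 2.17.0" does not by itself cover it. Whether 6.8.22 ships a plugin build without the affected bundled copy is not visible in this diff; the comment should record that, for instance `# 6.8.22: log4j-core 2.17.0 in logstash-core; logstash-input-tcp jar checked, bundles <VERSION-PLACEHOLDER>`. The commented-out paths still name the 2.15.0 and 5.2.3 jars, so re-enabling them as written would presumably fail on a missing file; deleting the dead lines and keeping a one-line rationale would be cleaner. Keeping `-Dlog4j2.formatMsgNoLookups=true` in `LS_JAVA_OPTS` is reasonable as a second layer.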