Update to resolve CVE-2021-45046
Summary
Requesting application be updated to resolve CVE-2021-45046. https://nvd.nist.gov/vuln/detail/CVE-2021-45046
When using log4j versions before 2.15.0, this is a severe vulnerability, regardless of any log4j2.formatMsgNoLookups=true or LOG4J_FORMAT_MSG_NO_LOOKUPS=true. When using log4j 2.15.0, impact is unclear but lower.
Definition of Done
Hardening:
- Container builds successfully
- Container version has been updated in greylist file
- Branch has been merged into development
Justifications:
- All findings have been justified per the above documentation
- Justifications have been provided to the container hardening team
Approval Process:
- Peer review from Container Hardening Team
- Findings Approver has reviewed and approved all justifications
- Approval request has been sent to Authorizing Official
- Approval request has been processed by Authorizing Official
/cc @ironbank-notifications/updates
Edited by Al Fontaine