Remove JMSAppender.class to avoid CVE-2021-4104,

Browse Source

CVE-2022-23302, CVE-2022-23305, and CVE-2022-23307.

Though it does not contain a vulnerable configuration of log4j, to avoid
needing to prove that and false positives of security scanners, this
commit is the result of running the following commands:

zip -q -d monasca_agent/collector/checks/libs/jmxfetch-0.3.0-jar-with-dependencies.jar org/apache/logging/log4j/core/lookup/JndiLookup.class org/apache/log4j/net/JMSAppender.class org/apache/log4j/jdbc/JDBCAppender.class org/apache/log4j/net/JMSSink.class org/apache/log4j/chainsaw"*"
unzip monasca_agent/collector/checks/libs/jmxterm-1.0-DATADOG-uber.jar WORLDS-INF/lib/log4j.jar
zip -q -d WORLDS-INF/lib/log4j.jar org/apache/logging/log4j/core/lookup/JndiLookup.class org/apache/log4j/net/JMSAppender.class org/apache/log4j/jdbc/JDBCAppender.class org/apache/log4j/net/JMSSink.class org/apache/log4j/chainsaw"*"
zip monasca_agent/collector/checks/libs/jmxterm-1.0-DATADOG-uber.jar WORLDS-INF/lib/log4j.jar

Change-Id: Id47ba9397e7fef1ac8622abb2a1691a260f4bc9c

...

This commit is contained in:

Jan Zerebecki 2022-01-11 21:15:01 +01:00 committed by Martin Chacon Piza

parent 052ab23048

commit dbb766218e

2 changed files with 0 additions and 0 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN

monasca_agent/collector/checks/libs/jmxfetch-0.3.0-jar-with-dependencies.jar

View File

Binary file not shown.

BIN

monasca_agent/collector/checks/libs/jmxterm-1.0-DATADOG-uber.jar

View File

Binary file not shown.