/pulsar-docker-images-patch-CVE-2021-44228

Patch Pulsar Docker images with Log4J 2.17.1 update to mitigate Apache Log4J Security Vulnerabilities including Log4Shell

Primary LanguageDockerfileApache License 2.0Apache-2.0

Patch pulsar images with Apache Log4J 2.17.1 upgrade

Covers CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 CVE-2021-44832

See Log4J Security Vulnerabilities and upgrades for more information.

see the Dockerfile for the solution

Building and pushing patched docker images

example usage:

# build and tag image
docker build --build-arg=ORIGINAL_IMAGE=apachepulsar/pulsar-all:2.8.1 . -t lhotari/pulsar-all:2.8.1-log4j-patched
# verify
docker run --rm -it lhotari/pulsar-all:2.8.1-log4j-patched bash -c 'ls /pulsar/lib' | grep log4j
# push image
docker push lhotari/pulsar-all:2.8.1-log4j-patched