Github issues are for bug reports and feature requests. For questions about
Linkerd, how to use it, or debugging assistance, start by asking a question in the forums or join us on Slack.
What happened:
linkerd1 uses log4j, and it is conceivable that an attacker can use the JNDI vulnerability by putting malicious classloader directives in headers, and the headers can show up in logs. We need guidance on how to mitigate this vulnerability.
Thanks!
What you expected to happen:
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Environment:
linkerd/namerd version, config files:
linkerd 1.7.3
Platform, version, and config files (Kubernetes, DC/OS, etc):
Cloud provider or hardware configuration:
The Linkerd team has completed its analysis of the CVE and you can find the details in #2438. The short version is that we have found Linkerd to be safe from the CVE.