Update RMB (Log4j vulnerability verification and correction)

Description

The 'formatMsgNoLookups' property was added in version 2.10.0, per the JIRA Issue LOG4J2-2109 that proposed it. Therefore, the 'formatMsgNoLookups=true' mitigation strategy is available in version 2.10.0 and higher, but is no longer necessary with version 2.16.0, because it then becomes the default behavior.

The Log4j vulnerability can be fixed by an RMB upgrade.

Environment

None

Potential Workaround

None

Activity

Kateryna Senchenko December 15, 2021 at 7:12 PM

No need to update for Kiwi - the log4j dependency can be explicitly overridden in the modules that use folio-liquibase-util. However, the vulnerability should be fixed for Lotus along with the RMB upgrade. Changing the Epic and Release fields accordingly.

Done

Details

Development Team

Folijet

Release

Lotus R1 2022

Created December 14, 2021 at 12:04 PM
Updated December 29, 2021 at 11:36 AM
Resolved December 29, 2021 at 11:36 AM