R1 2022 Lotus - RMB update (FOLREL-506)

[LIQUTIL-11] Update RMB (Log4j vulnerability verification and correction) Created: 14/Dec/21  Updated: 29/Dec/21  Resolved: 29/Dec/21

Status: Closed
Project: liquibase-util
Components: None
Affects versions: None
Fix versions: 1.3.0
Parent: R1 2022 Lotus - RMB update

Type: Task Priority: P2
Reporter: Oleksii Petrenko Assignee: Kateryna Senchenko
Resolution: Done Votes: 0
Labels: back-end, data-import, epam-folijet
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Defines: UXPROD-3211 NFR: Lotus R1 2022 Module releases, R... (Closed)
Sprint: Folijet Sprint 130
Story Points: 0.5
Development Team: Folijet
Release: Lotus R1 2022
Epic Link: R1 2022 Lotus - RMB update

 Description   

The 'formatMsgNoLookups' property was added in version 2.10.0, per the JIRA Issue LOG4J2-2109 that proposed it. Therefore the 'formatMsgNoLookups=true' mitigation strategy is available in version 2.10.0 and higher, but is no longer necessary with version 2.16.0, because it then becomes the default behavior.

The Log4j vulnerability can be fixed by an RMB upgrade.



 Comments   
Comment by Kateryna Senchenko [ 15/Dec/21 ]

No need to update for Kiwi - the log4j dependency can be explicitly overridden in the modules that use folio-liquibase-util. However, the vulnerability should be fixed for Lotus along with RMB upgrade. Changing the Epic and Release fields accordingly.
