R1 2022 Lotus - RMB update
(FOLREL-506)
|
|
| Status: | Closed |
| Project: | liquibase-util |
| Components: | None |
| Affects versions: | None |
| Fix versions: | 1.3.0 | Parent: | R1 2022 Lotus - RMB update |
| Type: | Task | Priority: | P2 |
| Reporter: | Oleksii Petrenko | Assignee: | Kateryna Senchenko |
| Resolution: | Done | Votes: | 0 |
| Labels: | back-end, data-import, epam-folijet | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Issue links: |
|
||||||||
| Sprint: | Folijet Sprint 130 | ||||||||
| Story Points: | 0.5 | ||||||||
| Development Team: | Folijet | ||||||||
| Release: | Lotus R1 2022 | ||||||||
| Epic Link: | R1 2022 Lotus - RMB update | ||||||||
| Description |
|
The 'formatMsgNoLookups' property was added in version 2.10.0, per the JIRA Issue LOG4J2-2109 that proposed it. Therefore the 'formatMsgNoLookups=true' mitigation strategy is available in version 2.10.0 and higher, but is no longer necessary with version 2.16.0, because it then becomes the default behavior Log4j vulnerability can be fixed by RMB upgrade. |
| Comments |
| Comment by Kateryna Senchenko [ 15/Dec/21 ] |
|
No need to update for Kiwi - the log4j dependency can be explicitly overridden in the modules that use folio-liquibase-util. However, the vulnerability should be fixed for Lotus along with RMB upgrade. Changing the Epic and Release fields accordingly. |