<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:27:33 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-3363] Update reference deployments in light of log4j remote execution CVE-2021-44228</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-3363</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;A zero-day remote code execution exploit has been reporting affecting log4j2, used widely in FOLIO modules and Okapi.&lt;/p&gt;

&lt;p&gt;References:&lt;br/&gt;
&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2021-44228&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2021-44228&lt;/a&gt;&lt;br/&gt;
&lt;a href=&quot;https://www.lunasec.io/docs/blog/log4j-zero-day/&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://www.lunasec.io/docs/blog/log4j-zero-day/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Reference deployments will need to be updated to mitigate the risk of DOS (other risks are not so large in these ephemeral systems).&lt;/p&gt;</description>
                <environment></environment>
        <key id="82279">FOLIO-3363</key>
            <summary>Update reference deployments in light of log4j remote execution CVE-2021-44228</summary>
                <type id="10001" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium">Bug</type>
                                            <priority id="10005" iconUrl="https://dev.folio.org/assets/jira-priority/tbd.svg">TBD</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="5c706fbb47a54a6728e59df2">Wayne Schneider</assignee>
                                                                <reporter accountid="5c706fbb47a54a6728e59df2">Wayne Schneider</reporter>
                                    <labels>
                    </labels>
                <created>Fri, 10 Dec 2021 16:35:36 +0000</created>
                <updated>Mon, 31 Jan 2022 15:45:10 +0000</updated>
                            <resolved>Mon, 31 Jan 2022 15:45:10 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>3</watches>
                                                                <comments>
                                                            <comment id="196982" author="5cf6c546b87c300f36eb7b9a" created="Thu, 20 Jan 2022 16:11:55 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5c706fbb47a54a6728e59df2&quot; class=&quot;user-hover&quot; rel=&quot;5c706fbb47a54a6728e59df2&quot; data-account-id=&quot;5c706fbb47a54a6728e59df2&quot; accountid=&quot;5c706fbb47a54a6728e59df2&quot; rel=&quot;noreferrer&quot;&gt;Wayne Schneider&lt;/a&gt;, &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5f9abc1eb45b2e007453f423&quot; class=&quot;user-hover&quot; rel=&quot;5f9abc1eb45b2e007453f423&quot; data-account-id=&quot;5f9abc1eb45b2e007453f423&quot; accountid=&quot;5f9abc1eb45b2e007453f423&quot; rel=&quot;noreferrer&quot;&gt;John Malconian&lt;/a&gt;&#160;is there anything that still needs to happen here, or can this be closed?&lt;/p&gt;</comment>
                                                            <comment id="196983" author="5c706fbb47a54a6728e59df2" created="Thu, 27 Jan 2022 22:40:39 +0000"  >&lt;p&gt;For safety&apos;s sake, setting LOG4J_FORMAT_MSG_NO_LOOKUPS environment variable globally for all modules spawned by Okapi and in the edge-modules playbook.&lt;/p&gt;</comment>
                                                            <comment id="196985" author="5c706fbb47a54a6728e59df2" created="Fri, 28 Jan 2022 01:02:43 +0000"  >&lt;p&gt;Successful test with folio-snapshot-test. Overnight builds should pick up the changes.&lt;/p&gt;</comment>
                                                            <comment id="196987" author="5c706fbb47a54a6728e59df2" created="Mon, 31 Jan 2022 15:45:00 +0000"  >&lt;p&gt;Changes validated on reference environments.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10008">
                    <name>Defines</name>
                                            <outwardlinks description="defines">
                                        <issuelink>
            <issuekey id="76636">SECURITY-6</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="82284">FOLIO-3364</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10155"><![CDATA[FOLIO DevOps]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i03tec:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="288">DevOps Sprint 130</customfieldvalue>
    <customfieldvalue id="289">DevOps Sprint 131</customfieldvalue>
    <customfieldvalue id="1997">DevOps sprint 132</customfieldvalue>
    <customfieldvalue id="286">DevOps Sprint 129</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 20 Jan 2022 16:11:55 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>