Log4J - CVE-2021-44228 -- disable solr container on portal 4.2


Article ID: 230798


Products

CA API Developer Portal

Issue/Introduction

Per the security advisory:

https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793

On the portal, the solr container needs to be disabled to mitigate the Log4j vulnerability.

The advisory's instruction is to make the following change in the function single in portal.sh, from:
cat "$path_yml"
to:
cat "$path_yml" | sed '/solr/,/tenant-provisioner/c\ \ tenant-provisioner:'

 

However, the portal.sh script on portal 4.2 is different; see the screenshot below.

 

Environment

Release : 4.2

Component : API PORTAL

Resolution

Add the following line before YML=$(cat "$path_yml"):

sed -i '/solr/,/tenant-provisioner/c\ \ tenant-provisioner:' "$path_yml"
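
Because sed -i rewrites the compose file in place and /solr/ matches any line containing that string, the edit can be dry-run on a copy first. The script below is an added example, not Broadcom's portal.sh; it assumes GNU sed, and the sample YAML (including the apim service and image names) is constructed.

```shell
#!/bin/sh
# Added example, not Broadcom's portal.sh: dry-run the article's sed edit on a copy.

# The sed expression from the article, reading stdin instead of editing in place.
strip_solr() {
  sed '/solr/,/tenant-provisioner/c\ \ tenant-provisioner:'
}

# Pre-check. /solr/ matches any line containing "solr", so the range is only
# predictable when the first match is the service key and nothing after the
# tenant-provisioner key mentions solr (a later match would open a second range).
range_is_safe() {
  awk '
    closed && /solr/ { bad = 1 }
    !seen && /solr/  { seen = 1; if ($0 !~ /^ +solr: *$/) bad = 1; next }
    seen && !closed && /tenant-provisioner/ { closed = 1 }
    END { exit !(seen && closed && !bad) }
  ' "$1"
}

# Post-check: no solr text left, tenant-provisioner key still present.
result_is_clean() {
  ! grep -q 'solr' "$1" && grep -Eq '^ *tenant-provisioner:' "$1"
}

# Pre-check, edit into a copy, post-check. Non-zero exit means do not apply.
dry_run() {
  range_is_safe "$1" || { echo "stray solr match in $1" >&2; return 1; }
  strip_solr < "$1" > "$2"
  result_is_clean "$2"
}

# Constructed compose fragments; only solr and tenant-provisioner are from the article.
sample_ok() {
  printf '%s\n' 'services:' '  apim:' '    image: example/apim' \
    '  solr:' '    image: example/solr' '    volumes:' '      - solr-data:/data' \
    '  tenant-provisioner:' '    image: example/tp'
}
sample_stray() {
  printf '%s\n' 'services:' '  solr:' '    image: example/solr' \
    '  tenant-provisioner:' '    image: example/tp' 'volumes:' '  solr-data:'
}

tmp=$(mktemp -d)
sample_ok > "$tmp/ok.yml"
sample_stray > "$tmp/stray.yml"
dry_run "$tmp/ok.yml" "$tmp/ok.out" && cat "$tmp/ok.out"
dry_run "$tmp/stray.yml" "$tmp/stray.out" || echo "stray.yml rejected"
```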

 

ie.