There is a new zero day exploit. While I do not know if it affects any Ontoportal instance, it might be good to check your Ontoportal instance and other services you might have. More info here: GHSA-jfh8-c2jp-5v3q
To follow ncbo/virtual_appliance#27
Hotfix
Disable log4j in the java options (temporary)
OntoPortal has two components that utilize log4j, so in order to mitigate this vulnerability we recommend setting JVM property "log4j2.formatMsgNoLookups=true" at this time.
Solr
Modify solr config file /etc/sysconfig/solr and add the following:
SOLR_OPTS="${SOLR_OPTS} -Dlog4j2.formatMsgNoLookups=true"
Tomcat, which runs AnnotatorPlus and BioMixer
Modify /etc/tomcat/tomcat.conf file and add the following:
JAVA_OPTS="-Dlog4j2.formatMsgNoLookups=true"
Then restart tomcat and solr services:
sudo systemctl restart tomcat
sudo systemctl restart solr
State
Update log4j version dependencies
Updating solr
The formatMsgNoLookups=true flag might not be sufficient to fully mitigate Log4J CVE-2021-44228, so solr needs to be upgraded to the recently released v8.11.1.
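A check for the hotfix step above, added here as an example and not part of the original issue: it confirms the flag is still effective in each config file, including the case where a later assignment overwrites the variable. The function names are illustrative, and it assumes the files use plain shell-style `VAR=` assignments.

```shell
#!/bin/sh
# Added example: checks that the hotfix flag from the issue is effective in a
# sysconfig-style file. Function names are illustrative, not from OntoPortal.
FLAG='-Dlog4j2.formatMsgNoLookups=true'

# has_flag VAR FILE: walk the uncommented VAR= assignments in order. A line that
# carries the flag sets the state; a later line that neither carries the flag
# nor expands $VAR overwrites the variable and clears the state.
# Returns 0 = flag effective, 1 = missing or overwritten, 2 = file unreadable.
has_flag() {
    [ -r "$2" ] || return 2
    awk -v var="$1" -v flag="$FLAG" '
        $0 ~ ("^[ \t]*(export[ \t]+)?" var "=") {
            if (index($0, flag)) ok = 1
            else if (!index($0, "$" var) && !index($0, "${" var "}")) ok = 0
        }
        END { exit(ok ? 0 : 1) }
    ' "$2"
}

# report VAR FILE: print one status line and return has_flag's status.
report() {
    if has_flag "$1" "$2"; then rc=0; else rc=$?; fi
    case $rc in
        0) echo "OK       $2: $1 carries $FLAG" ;;
        2) echo "SKIP     $2: not readable" ;;
        *) echo "MISSING  $2: $1 does not carry $FLAG" ;;
    esac
    return "$rc"
}

# Constructed sample: the flag is added, then a later line overwrites SOLR_OPTS.
sample_overwritten() {
    printf '%s\n' 'SOLR_OPTS="${SOLR_OPTS} -Dlog4j2.formatMsgNoLookups=true"' \
                  '# SOLR_OPTS="$SOLR_OPTS -Dfoo"' \
                  'SOLR_OPTS="-Xss256k"'
}

# Usage: sh check_flag.sh check   (paths are the ones given in the issue)
if [ "${1:-}" = "check" ]; then
    report SOLR_OPTS /etc/sysconfig/solr || true
    report JAVA_OPTS /etc/tomcat/tomcat.conf || true
fi
```

The check only covers the config files; the services still need the restart described in the issue before the running JVMs pick up the flag.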