This blog post is for tracking the Skpr platform team's response to the Log4Shell Zero-Day vulnerability (CVE-2021-44228).
Affected Services
- Solr
- OpenSearch (Elasticsearch)
Current Status
The Skpr platform team has quickly responded with mitigations at both the firewall and service levels.
We are tracking upstream changes to both the Solr and OpenSearch projects for any additional mitigations or updates.
Details
Solr
The Log4Shell behavior has been disabled using the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS=true, as per this Docker blog post.
The environment variable will remain in place until upstream Solr images ship with log4j2 2.15.0, which enables this mitigation by default.
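One way to check a Solr container against the two conditions above (the variable set to true, or log4j-core at 2.15.0 or later), as an added example that is not Skpr's own tooling. The function names and the jar naming pattern log4j-core-<version>.jar are assumptions, and the 2.10.0 lower bound for the variable comes from Log4j's documentation rather than from this post.

```shell
#!/bin/sh
# Added example (not Skpr's tooling): audit log4j-core jars under a directory.

# version_lt A B: succeed when dotted version A is lower than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1
    }'
}

# classify VERSION FLAG: print the state of one log4j-core jar.
#   patched      2.15.0 or later, the release the post is waiting for
#   unmitigated  older jar and the variable is not set to "true"
#   flag-ignored older than 2.10.0, which predates the no-lookups switch
#                (from Log4j's documentation, not from the post)
#   mitigated    2.10.0 to 2.14.x with the variable set
classify() {
    if ! version_lt "$1" 2.15.0; then echo patched
    elif [ "$2" != "true" ]; then echo unmitigated
    elif version_lt "$1" 2.10.0; then echo flag-ignored
    else echo mitigated
    fi
}

# audit_dir DIR: print "<state> <version> <path>" for every jar found.
audit_dir() {
    find "$1" -type f -name 'log4j-core-*.jar' | sort | while read -r jar; do
        ver=${jar##*/log4j-core-}
        ver=${ver%.jar}
        printf '%s %s %s\n' \
            "$(classify "$ver" "${LOG4J_FORMAT_MSG_NO_LOOKUPS:-}")" "$ver" "$jar"
    done
}

# Run as: sh audit.sh /opt/solr   (path is a placeholder)
if [ "$#" -gt 0 ]; then audit_dir "$1"; fi
```

Run it inside the Solr container so that it reads the same environment the Solr process was started with.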
OpenSearch
The AWS WAF Managed Ruleset AWSManagedRulesKnownBadInputsRuleSet has been applied to all affected clusters. This managed ruleset contains rules for explicitly blocking requests which exploit this vulnerability.
All OpenSearch services have received the R20211203-P2 patch, which resolves the issue.