How to patch log4j on Mac for ActiveMQ? - log4j

I have installed ActiveMQ on Mac using brew, but it has been identified as having a critical vulnerability related to the log4j security issue, and so it requires a patch.
In this case, how can I patch log4j?
/System/Volumes/Data/usr/local/Cellar/activemq/5.16.3/libexec/lib/optional/log4j-1.2.17.jar
/usr/local/Cellar/activemq/5.16.3/libexec/lib/optional/log4j-1.2.17.jar

Since you're using ActiveMQ 5.16.3, you can simply upgrade to 5.16.4, which replaced Log4j 1.2.17 with Reload4j 1.2.19. See AMQ-8472 for more details.

Related

log4j version on servicemix7.0.1

I'm having a problem learning to upgrade to log4j2. Before, I used log4j 1 with Apache ServiceMix 6.1.2; when I upgraded to log4j 2, I got an incompatibility error. I am learning to run the application on Apache ServiceMix 7.0.1 to get the latest version of log4j2.
I have read the document but do not understand which version of servicemix 7.0.1 uses log4j. Can anyone help me?

How to upgrade log4j-api to 2.17 in Jfrog Artifactory?

JFrog recommends upgrading log4j to 2.15 as a permanent fix. Can I just replace it with the latest log4j-api.jar file, or does JFrog release the latest patch for this?
How can I completely fix the issue?
The best fix for this issue would be to upgrade your log4j dependencies to version 2.15.0, which resolved the issue in several layers and improved the overall security of log4j.
As an additional layer of protection, we also recommend setting the LOG4J_FORMAT_MSG_NO_LOOKUPS environment variable globally (see next section).
@Syed, JFrog products are not affected by this vulnerability, as they are not using the log4j-core package. We can confirm that JFrog services are not affected by CVE-2021-44228.
JFrog Security has validated that JFrog Platform solutions themselves are not affected, as no products, including Artifactory version 6.x or 7.x, use the log4j-core package. CVE-2021-44228 only affects 'log4j-core', which is not being used in Artifactory. Other packages such as log4j-over-slf4j, log4j-api and log4j-to-slf4j are unaffected.
Hence, there is no action required from users to upgrade this library.
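The two threads above both come down to knowing which logging jars are actually on disk: the ActiveMQ answer replaces log4j 1.2.17 with Reload4j, and the JFrog answer separates log4j-core from the unaffected log4j-api, log4j-over-slf4j and log4j-to-slf4j. The following inventory script is an added example, not code from either project; the label strings, the `MIN_CORE` name and the script name in the usage comment are assumptions of this example, and the 2.15.0 threshold is the one quoted on this page.

```python
import re
import sys
from pathlib import Path

# Minimum log4j-core version, taken from the advice quoted in the Artifactory
# thread on this page; raise it to match the guidance you are working from.
MIN_CORE = (2, 15, 0)
# Artifacts the same answer lists as unaffected by CVE-2021-44228.
NOT_CORE = {"log4j-api", "log4j-over-slf4j", "log4j-to-slf4j"}

# <artifact>-<numeric version>[qualifier].jar, e.g. log4j-core-2.0-beta9.jar
JAR_RE = re.compile(
    r"^(?P<artifact>[a-z0-9]+(?:-[a-z0-9]+)*?)-(?P<version>\d+(?:\.\d+)*)"
    r"(?:[-.][A-Za-z0-9.]+)?\.jar$"
)

def classify(jar_name, min_core=MIN_CORE):
    """Map a jar file name to a label (the labels are this example's own)."""
    m = JAR_RE.match(jar_name)
    if not m:
        return "unrecognised"
    artifact = m["artifact"]
    version = tuple(int(p) for p in m["version"].split("."))
    version += (0,) * (3 - len(version))  # pad "2.15" to (2, 15, 0)
    if artifact == "log4j" and version[0] == 1:
        return "log4j-1.x"  # what ActiveMQ 5.16.3 ships
    if artifact == "reload4j":
        return "reload4j"  # what ActiveMQ 5.16.4 ships instead
    if artifact == "log4j-core":
        return "log4j-core-ok" if version >= min_core else "log4j-core-below-minimum"
    if artifact in NOT_CORE:
        return "not-log4j-core"
    return "unrelated"

def scan(root):
    """Return {path: label} for every logging-related jar under root."""
    found = {}
    for jar in sorted(Path(root).rglob("*.jar")):
        label = classify(jar.name)
        if label not in ("unrelated", "unrecognised"):
            found[str(jar)] = label
    return found

if __name__ == "__main__":
    # Usage (script name is hypothetical):
    #   python3 scan_jars.py /usr/local/Cellar/activemq
    for path, label in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{label:26} {path}")
```

The check is by file name only, so it does not see log4j classes repackaged inside a shaded or fat jar.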

How to install logstash on Suse

I am trying to install logstash on SLES. Here are the version details:
SUSE Linux Enterprise Server 12 (x86_64)
VERSION = 12
PATCHLEVEL = 2
# This file is deprecated and will be removed in a future service pack or release.
# Please check /etc/os-release for details about this release.
NAME="SLES"
VERSION="12-SP2"
VERSION_ID="12.2"
PRETTY_NAME="SUSE Linux Enterprise Server 12 SP2"
ID="sles"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:12:sp2"
Most of the instructions available over Google are for ElasticSearch but not for logstash. I tried the rpm-based installation as described here https://www.elastic.co/guide/en/elasticsearch/reference/current/rpm.html but here too they install elasticsearch using zypper install elasticsearch. I am trying to install logstash 6.1 or later. What is the best way to install logstash on SLES? While installing elasticsearch, too, I get an error as follows:
elasticsearch-6.1.3-1.noarch (Elasticsearch repository for 6.x packages): Signature verification failed [4-Signatures public key is not available]
Here is my elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
It's probably too late, but it's better late than never. Anyway, I had the same issue and this article gave me an idea for a solution: https://en.opensuse.org/User:Tsu2/elasticsearch_logstash_official_repos. This part specifically solved my issue:
Download TAR file and extract. Because Elasticsearch is a Java binary, the extracted files can be run from anywhere
So, what I did is I've downloaded the Logstash TAR file, SCPed it to my SUSE server, and extracted it to my ELK folder. Then I ran it using its bin/logstash executable.
I hope this solution helps you and others who stumble on this page on their search for the solution.

JNA link failure Error on Cassandra Startup on OS X

Note: I know that there is the same question here, but its environment is Windows, so I created this one. JNA link failure Error on Cassandra Startup
I try to start cassandra but I get a warning below:
$ cassandra
...
WARN 09:13:42 JNA link failure, one or more native method will be unavailable.
WARN 09:13:42 JMX is not enabled to receive remote connections. Please see cassandra-env.sh for more info.
Please tell me how to solve this problem.
My environment:
Cassandra v2.2.0 with Homebrew
OS X 10.10
JNA is used for optimizations such as disabling swapping and creating hardlinks during snapshots. It is recommended for production systems. Dev systems should also be fine without JNA support, so you can just ignore the warning.

Error - Apache Cassandra 2.0.5 & Datastax OpsCenter 4.1

I am using cassandra 2.0.5 on Centos 6.5, and OpsCenter 4 worked fine until I updated OpsCenter to version 4.1. I access the OpsCenter page, click on manage existing cluster and give the IP address of my node (127.0.0.1), and it gives me the following: "Error creating cluster: max() arg is an empty sequence".
Any clues?
The bug is in 4.1.0, and is affecting those running Python 2.6. The complete fix for this is 4.1.1 (http://www.datastax.com/dev/blog/opscenter-4-1-1-now-available). To work around this issue on 4.1.0, users should disable the auto-update feature, and manually re-populate the latest definitions. This will only need to be done once. This doesn't need to be done with 4.1.1, and that's the best fix. See the Known issues of the release notes (http://www.datastax.com/documentation/opscenter/4.1/opsc/release_notes/opscReleaseNotes410.html)
Add the following to opscenterd.conf to disable auto-update:
[definitions]
auto_update = False
Manually download the definition files
for tarball installs:
cd ./conf/definitions
for packages installs:
cd /etc/opscenter/definitions
Apply the latest definitions
curl https://opscenter.datastax.com/definitions/4.1.0/definition_files.tgz | tar xz
Restart opscenterd
I just had the same problem as you today. I downloaded an older version of opscenter (particularly version 4.0.2) from http://rpm.datastax.com/community/noarch/ and the error has gone.
I am also using the same cassandra version and also on centos
