Share
## https://sploitus.com/exploit?id=7B9BDDBA-81E8-5739-B3F7-419C0D6E2316
# Patch pulsar images with Apache Log4J 2.17.1 upgrade

Covers [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228), [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046), [CVE-2021-45105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105) [CVE-2021-44832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832)

See [Log4J Security Vulnerabilities and upgrades](https://logging.apache.org/log4j/2.x/security.html) for more information.


see the [Dockerfile](Dockerfile) for the solution

## Building and pushing patched docker images

example usage:
```
# build and tag image
docker build --build-arg=ORIGINAL_IMAGE=apachepulsar/pulsar-all:2.8.1 . -t lhotari/pulsar-all:2.8.1-log4j-patched
# verify
docker run --rm -it lhotari/pulsar-all:2.8.1-log4j-patched bash -c 'ls /pulsar/lib' | grep log4j
# push image
docker push lhotari/pulsar-all:2.8.1-log4j-patched
```