Monday, December 13, 2021

Critical RCE 0day (ZERO day) in Apache Log4j library was reported (CVE-2021-44228) - Fix

Critical RCE 0day in Apache Log4j library was reported (CVE-2021-44228) and Apache suggested to upgrade your log4j to version 2.15.x:  https://threatpost.com/zero-day-in-ubiquitous-apache-log4j-tool-under-active-attack/176937/

https://logging.apache.org/log4j/2.x/

The Log4j team has been made aware of a security vulnerability, CVE-2021-44228, that has been addressed in Log4j 2.15.0.

For those who cannot upgrade to 2.15.0, in releases >=2.10, this vulnerability can be mitigated by setting either the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true. For releases from 2.0-beta9 to 2.10.0, the mitigation is to remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class.


at No comments:
Labels:

Wednesday, July 21, 2021

Google Cloud Dataflow Pipeline using JdbctoBigQuery template "timezone region not found" issue - Fix

Sometimes Dataflow pipeline with JdbctoBigQuery template may not work due to : "error occurred at recursive SQL level 1 ORA-01882: timezone region not found"


Error details:

Error
2021-07-21T06:22:13.292218504ZError message from worker: java.lang.RuntimeException: org.apache.beam.sdk.util.UserCodeException: java.sql.SQLException: Cannot create PoolableConnectionFactory (ORA-00604: error occurred at recursive SQL level 1 ORA-01882: timezone region not found ) org.apache.beam.runners.dataflow.worker.IntrinsicMapTaskExecutorFactory$1.typedApply(IntrinsicMapTaskExecutorFactory.java:197) org.apache.beam.runners.dataflow.worker.IntrinsicMapTaskExecutorFactory$1.typedApply(IntrinsicMapTaskExecutorFactory.java:168)

Steps to Fix the issue:
1. extract oracle/jdbc/defaultConnectionProperties.properties file from ojdbcXXXXX.jar file.
    jar xf o ojdbcXXXXX.jar oracle/jdbc/defaultConnectionProperties.properties
2. add oracle.jdbc.timezoneAsRegion=false propery
3. then update jdbc jar file with updated defaultConnectionProperties.properties
    jar uf ojdbcXXXXX.jar oracle/jdbc/defaultConnectionProperties.properties
at No comments:
Labels:
Subscribe to: Posts (Atom)