Build #495

Plan branch:

Build: #495 was successful Manual run by daryl herzmann

Stages & jobs

  1. Build and Package

  2. Copy to Website

Build result summary

Details

Completed
Queue duration
3 minutes
Duration
4 minutes
Labels
None
Revision
1bcb80f9f23d70fbd7ee8a833abe02b2305f848e
Total tests
396
Successful since
#465 ()

Tests

Code commits

Author Commit Message Commit date
daryl herzmann <akrherz@iastate.edu> daryl herzmann <akrherz@iastate.edu> 1bcb80f9f23d70fbd7ee8a833abe02b2305f848e Merge pull request #1951 from guusdk/release_4.5.5
Denote Openfire 4.5.5 release
Guus der Kinderen Guus der Kinderen c24b118dbebe0618522315d05a0c28fd1416e90f Denote Openfire 4.5.5 release
Guus der Kinderen Guus der Kinderen 5e297ed4de793342e53f33cbc54694e0d48f979b OF-2353: Upgrade log4j2 from 2.11.2 to 2.16.0
Guus der Kinderen Guus der Kinderen 15d3f6fe890655d4aea69bed3e16dc4ba0df7d6d OF-2353: Add log4j2.formatMsgNoLookups system property to startup scripts
As another mitigation for CVE-2021-4428, add the log4j2.formatMsgNoLookups system property to all Openfire start scripts that we provide.
Guus der Kinderen Guus der Kinderen e764a0dfa65a95a4906c6d4f43e940b96c2c881f OF-2353: Disable lookups in log4j2 message converter
This adds the {nolookups} directive to the log4j message directive, which disables lookups on another level (CVE-2021-44228).

Note that after upgrading to log4j2 2.16.0, this directive will be ignored by log4j2, as the lookup functionality has been removed completely in that version. A message might be logged to that effect when starting up.

Jira issues

IssueDescriptionStatus
Unknown Issue TypeCVE-2021Could not obtain issue details from Jira
Unknown Issue TypeOF-2353Could not obtain issue details from Jira