一、影响范围:

Apache Log4j 2.x <= 2.15.0-rc1

二、可能受影响的应用不限于以下内容:

Spring-Boot-strater-log4j2

Apache Struts2

Apache Solr

Apache Druid

Apache Flink

ElasticSearch

Flume

Dubbo

Jedis

Logstash

Kafka

Apache Storm

三、解决办法:

1、等待官方升级 log4j2 版本。

2、自己升级 log4j2 版本至 >= 2.15.0,目前最新 2.16.0

四、部分组件实施步骤:

1、logstash

1.1、从 官网 下载新版 6.8.21 or 7.16.1,修复此问题。

1.2、自己升级  log4j2 版本

查找漏洞包

find / -name "log4j-api*.jar"
find / -name "log4j-api*.jar"

根据包名替换为下载的新包

[logstash核心类库更新]
mv /opt/logstash/logstash-core/lib/jars/log4j-api-2.9.1.jar /opt/logstash/logstash-core/lib/jars/log4j-api-2.9.1.jar.bak
mv /opt/logstash/logstash-core/lib/jars/log4j-core-2.9.1.jar /opt/logstash/logstash-core/lib/jars/log4j-core-2.9.1.jar.bak
mv /opt/logstash/logstash-core/lib/jars/log4j-slf4j-impl-2.9.1.jar /opt/logstash/logstash-core/lib/jars/log4j-slf4j-impl-2.9.1.jar.bak
cp /home/log4j/log4j-api-2.15.0.jar /opt/logstash/logstash-core/lib/jars/
cp /home/log4j/log4j-core-2.15.0.jar /opt/logstash/logstash-core/lib/jars/
cp /home/log4j/log4j-slf4j-impl-2.15.0.jar /opt/logstash/logstash-core/lib/jars/


[logstash插件更新]
-- logstash-input-kafka-8.0.6 修改运行类库
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/log4j-api-2.8.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/log4j-api-2.8.2.jar.bak
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/log4j-slf4j-impl-2.8.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/log4j-slf4j-impl-2.8.2.jar.bak
cp /home/log4j/log4j-api-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/
cp /home/log4j/log4j-slf4j-impl-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/

-- logstash-input-kafka-8.0.6 修改依赖
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/lib/org/apache/logging/log4j/log4j-api/2.8.2/log4j-api-2.8.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/lib/org/apache/logging/log4j/log4j-api/2.8.2/log4j-api-2.8.2.jar.bak

-- logstash-input-beats-5.0.13-java 修改依赖(需要修改rb)
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.13-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.6.2/log4j-api-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.13-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.6.2/log4j-api-2.6.2.jar.bak
mkdir -p /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.13-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.15.0/
cp /home/log4j/log4j-api-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.13-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.15.0/
vim /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.13-java/lib/logstash-input-beats_jars.rb
[log4j-api 2.6.2 版本改为 2.15.0]

-- logstash-output-kafka-7.0.10 修改运行类库
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-1.2-api-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-1.2-api-2.6.2.jar.bak
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-api-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-api-2.6.2.jar.bak
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-core-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-core-2.6.2.jar.bak
cp /home/log4j/log4j-1.2-api-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/
cp /home/log4j/log4j-api-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/
cp /home/log4j/log4j-core-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/

-- logstash-output-kafka-7.0.10 修改依赖
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/lib/org/apache/logging/log4j/log4j-api/2.6.2/log4j-api-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/lib/org/apache/logging/log4j/log4j-api/2.6.2/log4j-api-2.6.2.jar.bak
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/lib/org/apache/logging/log4j/log4j-core/2.6.2/log4j-core-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/lib/org/apache/logging/log4j/log4j-core/2.6.2/log4j-core-2.6.2.jar.bak

说明:

(1) 对于依赖类库,如果类库文件有被插件使用,则需要修改 [plugin-name]/lib/*.rb 文件,只需查看 rb 文件则可知道是否有被使用。

 (2)修改时,除了需要查找 log4j-core、log4j-api 文件,还需关注目录下是否存在相关版本的其他 log4j 包,如 log4j-slf4j-impl、log4j-1.2-api 等,如果版本号相同,也都要替换。

2、storm

[停止 storm Topology]

mv $storm/lib/log4j-api-2.8.2.jar $storm/lib/log4j-api-2.8.2.jar.bak

mv $storm/lib/log4j-core-2.8.2.jar $storm/lib/log4j-core-2.8.2.jar.bak

mv $storm/lib/log4j-slf4j-impl-2.8.2.jar $storm/lib/log4j-slf4j-impl-2.8.2.jar.bak

cp /home/log4j/log4j-api-2.15.0.jar $storm/lib/

cp /home/log4j/log4j-core-2.15.0.jar $storm/lib/

cp /home/log4j/log4j-slf4j-impl-2.15.0.jar $storm/lib/

重启 storm server

[提交 storm Topology]

说明:

(1)对于低版本 storm,如 v1.1.1,启动 nibus 时,会出现如下异常:

Exception in thread "main" java.lang.NoSuchMethodError: com.lmax.disruptor.dsl.Disruptor.<init>(Lcom/lmax/disruptor/EventFactory;ILjava/util/concurrent/ThreadFactory;Lcom/lmax/disruptor/dsl/ProducerType;Lcom/lmax/disruptor/WaitStrategy;)V
 at org.apache.logging.log4j.core.async.AsyncLoggerDisruptor.start(AsyncLoggerDisruptor.java:108)
 at org.apache.logging.log4j.core.async.AsyncLoggerContext.start(AsyncLoggerContext.java:75)
 at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:155)
 at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:47)
 at org.apache.logging.log4j.LogManager.getContext(LogManager.java:196)

对于这种问题,还需升级 disruptor 包

mv $storm/lib/disruptor-3.3.2.jar $storm/lib/disruptor-3.3.2.jar.bak

cp /home/logstash $storm/lib/

3、elasticsearch

mv $elasticsearch_home/lib/log4j-api-2.11.1.jar $elasticsearch_home/lib/log4j-api-2.11.1.jar.bak
mv $elasticsearch_home/lib/log4j-core-2.11.1.jar $elasticsearch_home/lib/log4j-core-2.11.1.jar.bak
cp /home/log4j/log4j-api-2.15.0.jar $elasticsearch_home/lib/
cp /home/log4j/log4j-core-2.15.0.jar $elasticsearch_home/lib/

mv $elasticsearch_home/modules/x-pack-core/log4j-1.2-api-2.11.1.jar $elasticsearch_home/modules/x-pack-core/log4j-1.2-api-2.11.1.jar.bak

mv $elasticsearch_home/modules/x-pack-security/log4j-slf4j-impl-2.11.1.jar $elasticsearch_home/modules/x-pack-security/log4j-slf4j-impl-2.11.1.jar.bak

cp /home/log4j/log4j-1.2-api-2.15.0.jar $elasticsearch_home/modules/x-pack-core/

cp /home/log4j/log4j-slf4j-impl-2.15.0.jar $elasticsearch_home/modules/x-pack-security/

[停止 sink es 业务]

[重启 es server]

[启动 sink es 业务]

其他组件升级,后续更新...

Logo
Kafka开源项目指南

Kafka开源项目指南提供详尽教程,助开发者掌握其架构、配置和使用,实现高效数据流管理和实时处理。它高性能、可扩展,适合日志收集和实时数据处理,通过持久化保障数据安全,是企业大数据生态系统的核心。

更多推荐

Kafka入门(一) 概述、部署与API的简单使用

Kafka概述、部署与API的简单使用

avatar Kafka开源项目指南

基于canal和kafka同步,实现binlog同步ElasticSearch

文章目录前言elasticsearch 安装canal安装canal-adapter 安装及配置mysql 安装zk及kafaka安装查看效果注意事项前言中间件版本elasticsearch7.5.2canal1.1.4client-adapter1.1.5-alpha-1zookeeper3.4.13kafka2.6.0mysql5.7.31elasticsearch 安装{"settings"

avatar Kafka开源项目指南

基于 Iceberg 的湖仓一体架构在 B 站的实践

背景在B站,每天都有PB级的数据注入到大数据平台,经过离线或实时的ETL建模后,提供给下游的分析、推荐及预测等场景使用。面对如此大规模的数据,如何高效低成本地满足下游数据的分析需求,一直是我们重点的工作方向。我们之前的数据处理流程基本上是这样的:采集端将客户端埋点、服务端埋点、日志、业务数据库等数据收集到HDFS、Kafka等存储系统中,然后通过Hive、Spark、Fl...

avatar Kafka开源项目指南