
perfsonar-user - Re: [perfsonar-user] Upcoming Changes to pScheduler Limit Configuration

Subject: perfSONAR User Q&A and Other Discussion

  • From: Mark Feit <>
  • To: Khalid Mustafa <>, "" <>
  • Cc: Shafiq Urrahman <>, "Mohammed O. Sharief" <>
  • Subject: Re: [perfsonar-user] Upcoming Changes to pScheduler Limit Configuration
  • Date: Tue, 1 Feb 2022 18:09:14 +0000

Khalid Mustafa writes:

 

Is it possible to remove/disable it without impacting the functionalities in the current version?

 

The Chainsaw vulnerability can be resolved by removing the classes from the JARs containing them as described in Andy’s email a few days ago (https://lists.internet2.edu/sympa/arc/perfsonar-announce/2022-01/msg00002.html) and any system that’s upgraded to 4.2.2-2 or later will have had that fix applied automatically.

 

We cannot remove Log4j entirely from the current production code at the bugfix level, largely because we don’t want to maintain a separate build of Cassandra.  That will go away in 5.0 and, once that happens, we’ll be able to change what MaDDash uses.  I’ve audited the sources and have found that, if both are left in the configuration we ship, they’re not vulnerable to the known attacks.

 

--Mark
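
Added example, not part of the message above and not perfSONAR project code: one way to confirm that the Chainsaw classes are gone from the JARs on a host, including JARs nested inside other archives. The package path `org/apache/log4j/chainsaw/` is the Log4j 1.x layout and is an assumption here, since the message does not name the classes; the function names and the sample archives are constructed for illustration.

```python
import io
import zipfile
from pathlib import Path

# Assumption: Log4j 1.x keeps Chainsaw under this package; the message does not name the classes.
CHAINSAW_PREFIX = "org/apache/log4j/chainsaw/"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")


def chainsaw_entries(data, label, depth=0, max_depth=3):
    """Return (archive label, entry name) pairs for Chainsaw classes, descending into nested archives."""
    found = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return found  # not a readable archive, nothing to report
    with zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith(CHAINSAW_PREFIX) and name.endswith(".class"):
                found.append((label, name))
            elif name.lower().endswith(ARCHIVE_SUFFIXES) and depth < max_depth:
                # Fat JARs and WARs bundle their dependencies; look inside them too.
                found += chainsaw_entries(zf.read(info), f"{label}!{name}", depth + 1, max_depth)
    return found


def scan_tree(root):
    """Scan every archive under root and return all Chainsaw class hits."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            hits += chainsaw_entries(path.read_bytes(), str(path))
    return hits


def make_jar(entries):
    """Build a constructed sample JAR in memory from a {entry name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    for archive, entry in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{archive}: {entry}")
```

An empty result for a directory tree means no archive under it still carries a class in that package; any line printed identifies the archive, and the nested path inside it, that still needs the fix.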

 



