Thomas Wolfram 2 Years Ago - Edited As for Log4j, the Elasticsearch sidecar included in the Docker image and the Tomcat bundles appears to be still based on the vulnerable Log4j 2.11.0. Will you upgrade this later like in GA8? Please sign in to reply. Reply as... Cancel Olaf Kock Thomas Wolfram 2 Years Ago Yes, it'll be updated. But please keep in mind that Sidecar is ONLY meant for local development purposes. Such a computer should not be exposed, and a proper internet-visible installation must have a proper Elasticsearch (non-sidecar) setup. This way you'd be the only one who can attack yourself, and that only if the sidecar implementation logs any user-generated content. Please sign in to reply. Reply as... Cancel Peter Pilgrim Thomas Wolfram 2 Years Ago - Edited This is also what I found. ~/Downloads via ☕ v11.0.11 on ☁️ (eu-west-2) ❯ 7za x liferay-ce-portal-tomcat-7.4.3.7-ga7-20220107103529408.7z 7-Zip (a) [64] 17.04 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28 p7zip Version 17.04 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,12 CPUs x64) Scanning the drive for archives: 1 file, 1011676388 bytes (965 MiB) Extracting archive: liferay-ce-portal-tomcat-7.4.3.7-ga7-20220107103529408.7z -- Path = liferay-ce-portal-tomcat-7.4.3.7-ga7-20220107103529408.7z Type = 7z Physical Size = 1011676388 Headers Size = 34106 Method = LZMA2:24 Solid = + Blocks = 1 Everything is Ok Folders: 3384 Files: 2446 Size: 1157065070 Compressed: 1011676388 ~/Downloads via ☕ v11.0.11 on ☁️ (eu-west-2) took 16s ❯ cd liferay-ce-portal-7.4.3.7-ga7 ~/Downloads/liferay-ce-portal-7.4.3.7-ga7 on ☁️ (eu-west-2) ❯ find . -name "*log4j*.jar" -print ./tomcat-9.0.56/webapps/ROOT/WEB-INF/shielded-container-lib/log4j-1.2-api.jar ./tomcat-9.0.56/webapps/ROOT/WEB-INF/shielded-container-lib/com.liferay.petra.log4j.jar ./tomcat-9.0.56/webapps/ROOT/WEB-INF/shielded-container-lib/log4j-core.jar ./tomcat-9.0.56/webapps/ROOT/WEB-INF/shielded-container-lib/log4j-api.jar ./elasticsearch-sidecar/7.10.2/lib/log4j-api-2.11.1.jar ./elasticsearch-sidecar/7.10.2/lib/log4j-core-2.11.1.jar Please sign in to reply. Reply as... Cancel
Olaf Kock Thomas Wolfram 2 Years Ago Yes, it'll be updated. But please keep in mind that Sidecar is ONLY meant for local development purposes. Such a computer should not be exposed, and a proper internet-visible installation must have a proper Elasticsearch (non-sidecar) setup. This way you'd be the only one who can attack yourself, and that only if the sidecar implementation logs any user-generated content. Please sign in to reply. Reply as... Cancel
Peter Pilgrim Thomas Wolfram 2 Years Ago - Edited This is also what I found. ~/Downloads via ☕ v11.0.11 on ☁️ (eu-west-2) ❯ 7za x liferay-ce-portal-tomcat-7.4.3.7-ga7-20220107103529408.7z 7-Zip (a) [64] 17.04 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28 p7zip Version 17.04 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,12 CPUs x64) Scanning the drive for archives: 1 file, 1011676388 bytes (965 MiB) Extracting archive: liferay-ce-portal-tomcat-7.4.3.7-ga7-20220107103529408.7z -- Path = liferay-ce-portal-tomcat-7.4.3.7-ga7-20220107103529408.7z Type = 7z Physical Size = 1011676388 Headers Size = 34106 Method = LZMA2:24 Solid = + Blocks = 1 Everything is Ok Folders: 3384 Files: 2446 Size: 1157065070 Compressed: 1011676388 ~/Downloads via ☕ v11.0.11 on ☁️ (eu-west-2) took 16s ❯ cd liferay-ce-portal-7.4.3.7-ga7 ~/Downloads/liferay-ce-portal-7.4.3.7-ga7 on ☁️ (eu-west-2) ❯ find . -name "*log4j*.jar" -print ./tomcat-9.0.56/webapps/ROOT/WEB-INF/shielded-container-lib/log4j-1.2-api.jar ./tomcat-9.0.56/webapps/ROOT/WEB-INF/shielded-container-lib/com.liferay.petra.log4j.jar ./tomcat-9.0.56/webapps/ROOT/WEB-INF/shielded-container-lib/log4j-core.jar ./tomcat-9.0.56/webapps/ROOT/WEB-INF/shielded-container-lib/log4j-api.jar ./elasticsearch-sidecar/7.10.2/lib/log4j-api-2.11.1.jar ./elasticsearch-sidecar/7.10.2/lib/log4j-core-2.11.1.jar Please sign in to reply. Reply as... Cancel
gavin lau 2 Years Ago - Edited Hi ,I checked it, blade int -v portal-7.4-ga7. can not find the version. Please sign in to reply. Reply as... Cancel Thomas Wolfram gavin lau 2 Years Ago - Edited I have the same problem: blade init -v portal-7.4-ga7 test-ga7 fails with "init: portal-7.4-ga7 is not a valid value." While: blade init -v portal-7.4-ga6 test-ga6 still works. Please sign in to reply. Reply as... Cancel Olaf Kock gavin lau 2 Years Ago Thank you for reporting. Should be available now Please sign in to reply. Reply as... Cancel
Thomas Wolfram gavin lau 2 Years Ago - Edited I have the same problem: blade init -v portal-7.4-ga7 test-ga7 fails with "init: portal-7.4-ga7 is not a valid value." While: blade init -v portal-7.4-ga6 test-ga6 still works. Please sign in to reply. Reply as... Cancel
Olaf Kock gavin lau 2 Years Ago Thank you for reporting. Should be available now Please sign in to reply. Reply as... Cancel
Fernando Fernandez 2 Years Ago - Edited While I welcome such frequent releases, which add great value to Portal CE, I wish somebody would do a blog post to explain this new release philosophy. Is this change going to be permanent? Or are we sometime going back to the rolling releases of 7.3? Please sign in to reply. Reply as... Cancel Jamie Sammons Fernando Fernandez 2 Years Ago Hi Fernando, I am currently working on an announcement and will post it once it is ready. But in short yes it is a continuation/improvement of the rolling release of 7.3. Please sign in to reply. Reply as... Cancel Riccardo Saponi Jamie Sammons 2 Years Ago - Edited When is planned liferay 7.5* Please sign in to reply. Reply as... Cancel Jamie Sammons Riccardo Saponi 2 Years Ago Hi Riccardo, 7.4 will be an ongoing rolling release for the unforseeable future. Please see: https://liferay.dev/blogs/-/blogs/liferay-rolling-release-2022-update for more details. Please sign in to reply. Reply as... Cancel Riccardo Saponi Jamie Sammons 2 Years Ago - Edited Thank you Jamie Please sign in to reply. Reply as... Cancel
Jamie Sammons Fernando Fernandez 2 Years Ago Hi Fernando, I am currently working on an announcement and will post it once it is ready. But in short yes it is a continuation/improvement of the rolling release of 7.3. Please sign in to reply. Reply as... Cancel Riccardo Saponi Jamie Sammons 2 Years Ago - Edited When is planned liferay 7.5* Please sign in to reply. Reply as... Cancel Jamie Sammons Riccardo Saponi 2 Years Ago Hi Riccardo, 7.4 will be an ongoing rolling release for the unforseeable future. Please see: https://liferay.dev/blogs/-/blogs/liferay-rolling-release-2022-update for more details. Please sign in to reply. Reply as... Cancel Riccardo Saponi Jamie Sammons 2 Years Ago - Edited Thank you Jamie Please sign in to reply. Reply as... Cancel
Riccardo Saponi Jamie Sammons 2 Years Ago - Edited When is planned liferay 7.5* Please sign in to reply. Reply as... Cancel Jamie Sammons Riccardo Saponi 2 Years Ago Hi Riccardo, 7.4 will be an ongoing rolling release for the unforseeable future. Please see: https://liferay.dev/blogs/-/blogs/liferay-rolling-release-2022-update for more details. Please sign in to reply. Reply as... Cancel Riccardo Saponi Jamie Sammons 2 Years Ago - Edited Thank you Jamie Please sign in to reply. Reply as... Cancel
Jamie Sammons Riccardo Saponi 2 Years Ago Hi Riccardo, 7.4 will be an ongoing rolling release for the unforseeable future. Please see: https://liferay.dev/blogs/-/blogs/liferay-rolling-release-2022-update for more details. Please sign in to reply. Reply as... Cancel Riccardo Saponi Jamie Sammons 2 Years Ago - Edited Thank you Jamie Please sign in to reply. Reply as... Cancel
Riccardo Saponi Jamie Sammons 2 Years Ago - Edited Thank you Jamie Please sign in to reply. Reply as... Cancel
Scarletake Bwi 2 Years Ago - Edited upgrade very fast, any new features? Please sign in to reply. Reply as... Cancel Thomas Wolfram Scarletake Bwi 2 Years Ago - Edited The answer to your question you can find in the first sentence of the blog post above. Please sign in to reply. Reply as... Cancel
Thomas Wolfram Scarletake Bwi 2 Years Ago - Edited The answer to your question you can find in the first sentence of the blog post above. Please sign in to reply. Reply as... Cancel