log4j vulnerability if we use containers on TrueNAS Scale?

J

JoeAtWork

Contributor
Joined
Aug 20, 2018
Messages
165
Hi All,

Are we protected from the log4j2 kooties if we use the containers with Scale?

Thanks,
Joe
 
Kris Moore

Kris Moore

SVP of Engineering
Administrator
Moderator
iXsystems
Joined
Nov 12, 2015
Messages
1,471
Yes and no. You probably still want to make sure your containers are patched and clean. If a container gets compromised, the data within could be accessed, and the files shared with it via a host-volume. It does provide a layer of protection against something running wild on the host, but you still be better off without running a compromised container in the first place.
 
truecharts

truecharts

Guru
Joined
Aug 19, 2021
Messages
788
From our side: We do provide automated security scans for all containers we use for our Apps, you should be able to find out if any of our Apps still have log4j related CVE's open just by looking at their documentation :)

We did do a few extra rounds of container updates, so if any have submitted patches they should be up-to-date...
 
You must log in or register to reply here.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "log4j vulnerability if we use containers on TrueNAS Scale?"

Similar threads

J
air gap network still access docker containers?
Replies
2
Views
1K
JoeAtWork
J
M
Automatically update docker containers?
Replies
16
Views
7K
sretalla
sretalla
P
Backup APPs config
Replies
0
Views
2K
pabloalcantara
P
P
Communication Between Docker Containers - How?
Replies
4
Views
6K
paul56
P
N
Containers: Minimum node port 9000?
Replies
15
Views
15K
raskitoma
raskitoma
Top