Is there an easy way to delete the 'log4j hotfix' tool that gets installed as a dependency of Corretto?

We recently switched to using Corretto Java 11 and I noticed that something called log4j-cve-2021-44228-hotpatch gets installed as a dependency. This package executes a script that appears to be modifying the Java runtime to install an agent that will somehow patch vulnerable versions of log4j. Looking at journalctl, I see this script runs every 30 minutes.

We don't use log4j and we don't have it installed on our EC2 instances. We have over 100 EC2 instances. Is there an easy way to permanently remove this tool or do we have to switch to the OpenJDK Java release?

Argomenti

Strumenti per sviluppatori Computazionali

Tag

Amazon Corretto Amazon Linux

Lingua

English

kensei62

posta un anno fa78 visualizzazioni

Nessuna risposta

Più recenti
Maggior numero di voti
Maggior numero di commenti

Contenuto pertinente

Come faccio a correggere l'errore "Unable to validate the following destination configurations" in AWS CloudFormation?
AWS UFFICIALEAggiornata 2 anni fa
Come faccio a evitare l'errore "Unable to validate the following destination configurations" con le notifiche degli eventi Lambda in CloudFormation?
AWS UFFICIALEAggiornata 3 anni fa
Come posso risolvere l'errore di CloudFormation "Unable to assume role and validate" quando avvio una risorsa Amazon ECS?
AWS UFFICIALEAggiornata 3 mesi fa
Come posso risolvere l'errore “This image is managed by AWS Backup and cannot be deleted via EC2 APIs. To delete this image, please use the AWS Backup APIs, CLI, or console." quando cerco di eliminare un backup di Amazon EC2?
AWS UFFICIALEAggiornata 10 mesi fa