From dc715fa64f6b6a58687cb0667b0e08ed50137a96 Mon Sep 17 00:00:00 2001 From: David Caravello <119438707+dcaravel@users.noreply.github.com> Date: Tue, 14 Jul 2026 08:23:02 -0500 Subject: [PATCH 1/2] chore(ci): Fix e2e test breakage for `qa:elastic-logstash` (#3398) --- e2etests/testcase_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2etests/testcase_test.go b/e2etests/testcase_test.go index bc017ff93..92e88d83f 100644 --- a/e2etests/testcase_test.go +++ b/e2etests/testcase_test.go @@ -3297,7 +3297,7 @@ var testCases = []testCase{ }, { Name: "CVE-2026-34481", - Description: "Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to index affected records. An attacker can exploit this issue only if both of the following conditions are met: * The application uses JsonTemplateLayout. * The application logs a MapMessage containing an attacker-controlled floating-point value. Users are advised to upgrade to Apache Log4j JSON Template Layout 2.25.4, which corrects this issue.", + Description: "Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to index affected records. An attacker can exploit this issue only if both of the following conditions are met: * The application uses JsonTemplateLayout. * The application logs a MapMessage, or logs an object directly (e.g., via Logger.info(Object), which wraps it in an ObjectMessage), where the message contains an attacker-controlled floating-point value. Users are advised to upgrade to Apache Log4j JSON Template Layout 2.25.4, which corrects this issue. Note: The fix released in version 2.25.4 did not cover all affected code paths. CVE-2026-49844 was assigned to the remaining issue, which concerns the MapMessage.asJson() serialization in Apache Log4j API and is fixed in versions 2.25.5 and 2.26.1.", Link: "https://nvd.nist.gov/vuln/detail/CVE-2026-34481", Severity: "Important", Metadata: map[string]interface{}{ From 2f5e7fc549186631180b60c2fa8c9d8757f66d01 Mon Sep 17 00:00:00 2001 From: David Caravello <119438707+dcaravel@users.noreply.github.com> Date: Tue, 14 Jul 2026 12:41:11 -0500 Subject: [PATCH 2/2] empty commit to trigger CI