From ecbd96bebbe9f70b1e3ea09b3794c8058ce93980 Mon Sep 17 00:00:00 2001 From: Piotr Parczewski Date: Wed, 15 Dec 2021 17:01:11 +0100 Subject: [PATCH] [Security] Add log4j vulnerability mitigation in Elasticsearch Change-Id: I2d4a4fab35771723be82a1c8b98dbe4cc3164f58 --- ansible/roles/elasticsearch/defaults/main.yml | 2 +- releasenotes/notes/security-log4j-1be047799f8e590a.yaml | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/security-log4j-1be047799f8e590a.yaml diff --git a/ansible/roles/elasticsearch/defaults/main.yml b/ansible/roles/elasticsearch/defaults/main.yml index 10232d6997..1d4ecd892f 100644 --- a/ansible/roles/elasticsearch/defaults/main.yml +++ b/ansible/roles/elasticsearch/defaults/main.yml @@ -38,7 +38,7 @@ elasticsearch_enable_keystone_registration: False elasticsearch_cluster_name: "kolla_logging" es_heap_size: "1g" -es_java_opts: "{% if es_heap_size %}-Xms{{ es_heap_size }} -Xmx{{ es_heap_size }}{%endif%}" +es_java_opts: "{% if es_heap_size %}-Xms{{ es_heap_size }} -Xmx{{ es_heap_size }}{%endif%} -Dlog4j2.formatMsgNoLookups=true" ####################### # Elasticsearch Curator diff --git a/releasenotes/notes/security-log4j-1be047799f8e590a.yaml b/releasenotes/notes/security-log4j-1be047799f8e590a.yaml new file mode 100644 index 0000000000..ae4a3c3e77 --- /dev/null +++ b/releasenotes/notes/security-log4j-1be047799f8e590a.yaml @@ -0,0 +1,5 @@ +--- +security: + - | + Adds mitigation for the Apache Log4j2 Remote Code Execution (RCE) + Vulnerability in Elasticsearch - CVE-2021-44228.