Uploaded image for project: 'Camunda Optimize'
  1. Camunda Optimize
  2. OPT-5819

Apply the log4j2 dns lookup fix to the demo bundled Elasticsearch script

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: L3 - Default L3 - Default
    • 3.6.4, 3.7.0
    • None
    • backend
    • None
    • Not defined

      Context:
      Elasticsearch <7.16.1 shipping with log4j2 dependencies is affected by a 0-day remote code execution exploit,
      see https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

      However Optimize is not yet compatible with the latest Elasticsearch 7.16.1 version containing a mitigation, thus the script to start elasticsearch as part of the Optimize demo distribution must apply the mitigation suggested by Elastic for older version by setting the following JVM Option -Dlog4j2.formatMsgNoLookups=true

      AT:

      • the Optimize demo distribution elastic script sets the JVM Option -Dlog4j2.formatMsgNoLookups=true

      Out of scope:
      Official 7.16 support will get added with https://jira.camunda.com/browse/OPT-5824

        This is the controller panel for Smart Panels app

              Unassigned Unassigned
              sebastian.bathke Sebastian Bathke
              Sebastian Bathke Sebastian Bathke
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: