We couldn't load all Actvitity tabs. Refresh the page to try again.
If the problem persists, contact your Jira admin.
Uploaded image for project: 'Camunda Optimize'
  1. Camunda Optimize
  2. OPT-5819

Apply the log4j2 dns lookup fix to the demo bundled Elasticsearch script

    • Icon: Task Task
    • Resolution: Done
    • Icon: L3 - Default L3 - Default
    • 3.6.4, 3.7.0
    • None
    • backend
    • None
    • Not defined

      Context:
      Elasticsearch <7.16.1 shipping with log4j2 dependencies is affected by a 0-day remote code execution exploit,
      see https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

      However Optimize is not yet compatible with the latest Elasticsearch 7.16.1 version containing a mitigation, thus the script to start elasticsearch as part of the Optimize demo distribution must apply the mitigation suggested by Elastic for older version by setting the following JVM Option -Dlog4j2.formatMsgNoLookups=true

      AT:

      • the Optimize demo distribution elastic script sets the JVM Option -Dlog4j2.formatMsgNoLookups=true

      Out of scope:
      Official 7.16 support will get added with https://jira.camunda.com/browse/OPT-5824

        This is the controller panel for Smart Panels app

            Loading...
            Uploaded image for project: 'Camunda Optimize'
            1. Camunda Optimize
            2. OPT-5819

            Apply the log4j2 dns lookup fix to the demo bundled Elasticsearch script

              • Icon: Task Task
              • Resolution: Done
              • Icon: L3 - Default L3 - Default
              • 3.6.4, 3.7.0
              • None
              • backend
              • None
              • Not defined

                Context:
                Elasticsearch <7.16.1 shipping with log4j2 dependencies is affected by a 0-day remote code execution exploit,
                see https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

                However Optimize is not yet compatible with the latest Elasticsearch 7.16.1 version containing a mitigation, thus the script to start elasticsearch as part of the Optimize demo distribution must apply the mitigation suggested by Elastic for older version by setting the following JVM Option -Dlog4j2.formatMsgNoLookups=true

                AT:

                • the Optimize demo distribution elastic script sets the JVM Option -Dlog4j2.formatMsgNoLookups=true

                Out of scope:
                Official 7.16 support will get added with https://jira.camunda.com/browse/OPT-5824

                  This is the controller panel for Smart Panels app

                        Unassigned Unassigned
                        sebastian.bathke Sebastian Bathke
                        Sebastian Bathke Sebastian Bathke
                        Votes:
                        0 Vote for this issue
                        Watchers:
                        1 Start watching this issue

                          Created:
                          Updated:
                          Resolved:

                              Unassigned Unassigned
                              sebastian.bathke Sebastian Bathke
                              Sebastian Bathke Sebastian Bathke
                              Votes:
                              0 Vote for this issue
                              Watchers:
                              1 Start watching this issue

                                Created:
                                Updated:
                                Resolved: