Camunda Optimize / OPT-5819

Apply the log4j2 dns lookup fix to the demo bundled Elasticsearch script

    • Task
    • Resolution: Done
    • L3 - Default
    • 3.6.4, 3.7.0
    • None
    • backend
    • None
    • Not defined

      Context:
      Elasticsearch versions <7.16.1 ship with log4j2 dependencies that are affected by a 0-day remote code execution exploit,
      see https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

      However, Optimize is not yet compatible with the latest Elasticsearch version, 7.16.1, which contains a mitigation. The script that starts Elasticsearch as part of the Optimize demo distribution must therefore apply the mitigation Elastic suggests for older versions by setting the following JVM option: -Dlog4j2.formatMsgNoLookups=true

      AT:

      • the Elasticsearch script of the Optimize demo distribution sets the JVM option -Dlog4j2.formatMsgNoLookups=true

      Out of scope:
      Official 7.16 support will get added with https://jira.camunda.com/browse/OPT-5824
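
One way a start script could enforce and verify the JVM option described above, as an added example and not the actual Optimize demo script. ES_JAVA_OPTS is Elasticsearch's environment variable for extra JVM options; the function names are hypothetical, and individual options are assumed to contain no whitespace or glob characters.

```shell
#!/bin/sh
# Added example, not the Optimize project's own script.
# Function names are hypothetical; ES_JAVA_OPTS is read by Elasticsearch.
FLAG='-Dlog4j2.formatMsgNoLookups=true'

# Print a JVM option string with the mitigation present exactly once.
# Any existing -Dlog4j2.formatMsgNoLookups=<value> (for example =false
# inherited from the environment) is dropped and replaced by =true.
harden_java_opts() {
    out=''
    for opt in $1; do
        case "$opt" in
            -Dlog4j2.formatMsgNoLookups=*) ;;        # discard, re-added below
            *) out="${out:+$out }$opt" ;;
        esac
    done
    printf '%s\n' "${out:+$out }$FLAG"
}

# Return 0 if a shell start script or jvm.options file sets the flag on a
# line that is not commented out with '#', non-zero otherwise.
script_sets_flag() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -q -- '-Dlog4j2\.formatMsgNoLookups=true'
}

# What a start script would do before launching Elasticsearch.
ES_JAVA_OPTS=$(harden_java_opts "${ES_JAVA_OPTS:-}")
export ES_JAVA_OPTS
```

script_sets_flag can serve as the acceptance check: run it against the shipped start script and fail the build when it returns non-zero.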


            Sebastian Bathke created issue -
            Sebastian Bathke made changes -
            Labels Original: next_release New: current_release
            Sebastian Bathke made changes -
            Fix Version/s New: 3.7.0 [ 16990 ]
            Sebastian Bathke made changes -
            Fix Version/s New: 3.6.4 [ 17413 ]
            Sebastian Bathke made changes -
            Status Original: Open [ 1 ] New: In Development [ 10312 ]
            Sebastian Bathke made changes -
            Status Original: In Development [ 10312 ] New: In Review [ 10212 ]
            Sebastian Bathke made changes -
            Description Original: Context:
            Due to Elastic shipping with log4j2 dependencies that are affected by a 0-day remote code execution exploit, the elastic version shipped with the Optimize Demo distribution should get updated to the latest fixed version 7.16.1.
            See https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

            AT:
            - the Optimize demo distribution ships with Elasticsearch 7.16.1
            New: Context:
            Due to Elastic shipping with log4j2 dependencies that are affected by a 0-day remote code execution exploit, the elastic version shipped with the Optimize Demo distribution should get updated to the latest fixed version 7.16.1.
            See https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

            AT:
            - the Optimize demo distribution ships with Elasticsearch 7.16.1

            Out of scope:
            Official 7.16 support will get added with https://jira.camunda.com/browse/OPT-5824
            This change is solely about updating the bundled elasticsearch in the demo distribution.
            Sebastian Bathke made changes -
            Summary Original: Update the Elasticsearch distribution to 7.16.1 New: Apply the log4j2 dns lookup fix to the demo bundled Elasticsearch script
