The data that can be leaked is limited to those available via Log4j “lookups”,
which includes system environment variables and a limited set of
environmental data from other sources.
Partial Bug: PROD-36713
Change-Id: I090cc72ef865b73f6ca554b294d7828a2071b9c1
-Dlog4j.shutdownHookEnabled=false
-Dlog4j2.disable.jmx=true
-Dlog4j.skipJansi=true
+# mitigate information leak
+-Dlog4j2.formatMsgNoLookups=true
## heap dumps
'default': {
'service_failed_warning_threshold_percent': 0.3,
'service_failed_critical_threshold_percent': 0.6,
- 'service_disk_space_watermark_minor_threshold_percent': 0.6,
- 'service_disk_space_watermark_major_threshold_percent': 0.75,
+ 'service_disk_space_watermark_minor_threshold_percent': 0.8,
+ 'service_disk_space_watermark_major_threshold_percent': 0.85,
},
}, grain='os_family', merge=salt['pillar.get']('elasticsearch:monitoring')) %}
log_info "Setting up Python virtualenv"
virtualenv $VENV_DIR
source ${VENV_DIR}/bin/activate
- python -m pip install salt${PIP_SALT_VERSION}
+ python -m pip install salt${PIP_SALT_VERSION} 'msgpack<1'
}
setup_mock_bin() {