From: Denis V. Meltsaykin <dmeltsaykin@mirantis.com>
Date: Mon, 13 Dec 2021 17:03:50 +0000 (+0100)
Subject: Mitigate data leak
X-Git-Url: https://gerrit.mcp.mirantis.com/gitweb?p=salt-formulas%2Felasticsearch.git;a=commitdiff_plain;h=refs%2Fheads%2Frelease%2F2019.2.0;ds=inline

Mitigate data leak

The data that can be leaked is limited to those available via Log4j “lookups”,
which includes system environment variables and a limited set of
environmental data from other sources.

Partial Bug: PROD-36713

Change-Id: I090cc72ef865b73f6ca554b294d7828a2071b9c1
---

diff --git a/elasticsearch/files/v6/jvm.options b/elasticsearch/files/v6/jvm.options
index f0dd096..bf3b30b 100644
--- a/elasticsearch/files/v6/jvm.options
+++ b/elasticsearch/files/v6/jvm.options
@@ -72,6 +72,8 @@
 -Dlog4j.shutdownHookEnabled=false
 -Dlog4j2.disable.jmx=true
 -Dlog4j.skipJansi=true
+# mitigate information leak
+-Dlog4j2.formatMsgNoLookups=true
 
 ## heap dumps