From d3ab2ba89cf7a65edc2dc2e8619b29488ca47d4e Mon Sep 17 00:00:00 2001 From: "Denis V. Meltsaykin" Date: Mon, 13 Dec 2021 18:03:50 +0100 Subject: [PATCH 1/1] Mitigate data leak MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The data that can be leaked is limited to those available via Log4j “lookups”, which includes system environment variables and a limited set of environmental data from other sources. Partial Bug: PROD-36713 Change-Id: I090cc72ef865b73f6ca554b294d7828a2071b9c1 --- elasticsearch/files/v6/jvm.options | 2 ++ 1 file changed, 2 insertions(+) diff --git a/elasticsearch/files/v6/jvm.options b/elasticsearch/files/v6/jvm.options index f0dd096..bf3b30b 100644 --- a/elasticsearch/files/v6/jvm.options +++ b/elasticsearch/files/v6/jvm.options @@ -72,6 +72,8 @@ -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Dlog4j.skipJansi=true +# mitigate information leak +-Dlog4j2.formatMsgNoLookups=true ## heap dumps -- 2.32.7