Mitigate data leak The data that can be leaked is limited to those available via Log4j “lookups”, which includes system environment variables and a limited set of environmental data from other sources. Partial Bug: PROD-36713 Change-Id: I090cc72ef865b73f6ca554b294d7828a2071b9c1

commit: d3ab2ba89cf7a65edc2dc2e8619b29488ca47d4e [log] [tgz]
author: Denis V. Meltsaykin <dmeltsaykin@mirantis.com> Mon Dec 13 18:03:50 2021 +0100
committer: Denis Meltsaykin <dmeltsaykin@mirantis.com> Mon Dec 13 17:27:30 2021 +0000
tree: 75d9eb5261b7e474b26bec6ab693860d3c40896d
parent: 5aab3fcbc1bf92adddcc538b176e90eb98f2ebea [diff]
diff --git a/elasticsearch/files/v6/jvm.options b/elasticsearch/files/v6/jvm.options
index f0dd096..bf3b30b 100644
--- a/elasticsearch/files/v6/jvm.options
+++ b/elasticsearch/files/v6/jvm.options

@@ -72,6 +72,8 @@
 -Dlog4j.shutdownHookEnabled=false
 -Dlog4j2.disable.jmx=true
 -Dlog4j.skipJansi=true
+# mitigate information leak
+-Dlog4j2.formatMsgNoLookups=true
 
 ## heap dumps
commit	d3ab2ba89cf7a65edc2dc2e8619b29488ca47d4e	[log] [tgz]
author	Denis V. Meltsaykin <dmeltsaykin@mirantis.com>	Mon Dec 13 18:03:50 2021 +0100
committer	Denis Meltsaykin <dmeltsaykin@mirantis.com>	Mon Dec 13 17:27:30 2021 +0000
tree	75d9eb5261b7e474b26bec6ab693860d3c40896d
parent	5aab3fcbc1bf92adddcc538b176e90eb98f2ebea [diff]