mitigate Log4J v2 CVE-2021-44228 by using LOG4J_FORMAT_MSG_NO_LOOKUPS env variable (#193)

Signed-off-by: Guillaume Lours <guillaume.lours@docker.com>
master
Guillaume Lours 3 years ago committed by GitHub
parent 1ffb3f1c9b
commit 60073f735c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -5,6 +5,7 @@ services:
environment: environment:
discovery.type: single-node discovery.type: single-node
ES_JAVA_OPTS: "-Xms512m -Xmx512m" ES_JAVA_OPTS: "-Xms512m -Xmx512m"
LOG4J_FORMAT_MSG_NO_LOOKUPS: true
ports: ports:
- "9200:9200" - "9200:9200"
- "9300:9300" - "9300:9300"
@ -21,6 +22,7 @@ services:
environment: environment:
discovery.seed_hosts: logstash discovery.seed_hosts: logstash
LS_JAVA_OPTS: "-Xms512m -Xmx512m" LS_JAVA_OPTS: "-Xms512m -Xmx512m"
LOG4J_FORMAT_MSG_NO_LOOKUPS: true
volumes: volumes:
- ./logstash/pipeline/logstash-nginx.config:/usr/share/logstash/pipeline/logstash-nginx.config - ./logstash/pipeline/logstash-nginx.config:/usr/share/logstash/pipeline/logstash-nginx.config
- ./logstash/nginx.log:/home/nginx.log - ./logstash/nginx.log:/home/nginx.log

Loading…
Cancel
Save