Verified Commit cea7d291 authored by Raphaël Flores's avatar Raphaël Flores
Browse files

Mitigate log4shell security flaw CVE-2021-44228, CVE-2021-45046, CVE-2021-45105. SYS-1129.

parent ace14a92
......@@ -99,6 +99,15 @@ dependencyManagement {
}
dependencies {
constraints {
implementation("org.apache.logging.log4j:log4j-core") {
version {
strictly("[2.17, 3[")
prefer("2.17.0")
}
because("CVE-2021-44228, CVE-2021-45046, CVE-2021-45105: Log4j vulnerable to remote code execution and other critical security vulnerabilities")
}
}
// Spring
annotationProcessor("org.springframework.boot:spring-boot-configuration-processor")
......
......@@ -5,6 +5,7 @@ services:
container_name: elasticsearch-faidare
environment:
- discovery.type=single-node
- "ES_JAVA_OPTS=-Dlog4j2.formatMsgNoLookups=true"
ports:
- 9200:9200
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment