mitigate Log4J v2 CVE-2021-44228 by using LOG4J_FORMAT_MSG_NO_LOOKUPS env variable (#193)

Signed-off-by: Guillaume Lours <guillaume.lours@docker.com>
This commit is contained in:
Guillaume Lours 2021-12-12 00:10:18 +01:00 committed by GitHub
parent 1ffb3f1c9b
commit 60073f735c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -5,6 +5,7 @@ services:
environment:
discovery.type: single-node
ES_JAVA_OPTS: "-Xms512m -Xmx512m"
LOG4J_FORMAT_MSG_NO_LOOKUPS: true
ports:
- "9200:9200"
- "9300:9300"
@ -21,6 +22,7 @@ services:
environment:
discovery.seed_hosts: logstash
LS_JAVA_OPTS: "-Xms512m -Xmx512m"
LOG4J_FORMAT_MSG_NO_LOOKUPS: true
volumes:
- ./logstash/pipeline/logstash-nginx.config:/usr/share/logstash/pipeline/logstash-nginx.config
- ./logstash/nginx.log:/home/nginx.log