Address log4j2 remote code execution vulnerability, acknowledging that, according to ElasticSearch, "Elasticsearch is not susceptible to remote code execution with this vulnerability due to our use of the Java Security Manager. Elasticsearch on JDK8 or below is susceptible to an information leak via DNS which is fixed by a simple JVM property change. The information leak does not permit access to data within the Elasticsearch cluster."
Add -Dlog4j2.formatMsgNoLookups=true to elasticsearch docker container environment variables in docker-compose.yml files per the Elastic Search recommendations above.
Address log4j2 remote code execution vulnerability, acknowledging that, according to ElasticSearch, "Elasticsearch is not susceptible to remote code execution with this vulnerability due to our use of the Java Security Manager. Elasticsearch on JDK8 or below is susceptible to an information leak via DNS which is fixed by a simple JVM property change. The information leak does not permit access to data within the Elasticsearch cluster."
Add
-Dlog4j2.formatMsgNoLookups=trueto elasticsearch docker container environment variables in docker-compose.yml files per the Elastic Search recommendations above.