metasfresh / metasfresh-docker

GNU General Public License v2.0
37 stars 40 forks source link

#75 mitigate CVE-2021-44228 in elasticsearch container #76

Closed metas-jb closed 2 years ago

metas-jb commented 2 years ago

Deploying env-variable in Dockerfile of search container

ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true

as suggested here:


Tested by deploying to an instance and checking if the env-variable is set:

docker exec -it metasfresh-docker_search_1 /bin/bash

echo "$LOG4J_FORMAT_MSG_NO_LOOKUPS"
true #output