An important Java vulnerability is affecting the following Software Factory service:
- elasticsearch
- logstash
Install the mitigation from the install server by running these commands:
ansible elasticsearch -m lineinfile -a "path=/etc/sysconfig/elasticsearch regexp='^ES_JAVA_OPTS=.*' line='ES_JAVA_OPTS=\"-Dlog4j2.formatMsgNoLookups=true\"'"
ansible elasticsearch -m service -a "name=elasticsearch state=restarted"
ansible logstash -m lineinfile -a "path=/etc/sysconfig/logstash regexp='^LS_JAVA_OPTS=.*' line='LS_JAVA_OPTS=\"-Dlog4j2.formatMsgNoLookups=true\"' create=yes"
ansible logstash -m service -a "name=logstash state=restarted"
Note that Gerrit and ZooKeeper are not affected, see: