deployment: Use own patched elasticsearch image

openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml

@@ -120,7 +120,7 @@ services:
 
 
     elasticsearch:
-        image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0
+        image: openvidu/openvidu-elasticsearch:7.8.0
         restart: always
         environment:
             - discovery.type=single-node

openvidu-server/docker/openvidu-elasticsearch/Dockerfile

@@ -0,0 +1,15 @@
+ARG ELASTICSEARCH_VERSION
+FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTICSEARCH_VERSION}
+
+# Remove class which causes the CVE-2021-44228 and CVE-2021-45046 and disable log4j Message lookup
+# Elasticsearch mention that versions using jdk9+ they use a property which makes elasticsearch not susceptible of
+# RCE or DNS lookup. This is just to be 100% sure that the library can not potentialy in the future be triggered.
+# Those mitigation are the recommended ones:
+# - https://xeraa.net/blog/2021_mitigate-log4j2-log4shell-elasticsearch/
+# - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476
+ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true
+RUN for jar_file in $(find / -name '*.jar' -exec grep -Hls JndiLookup.class {} \;); do \
+        zip -q -d "${jar_file}" org/apache/logging/log4j/core/lookup/JndiLookup.class; \
+    done
+
+

openvidu-server/docker/openvidu-elasticsearch/create_image.sh

@@ -0,0 +1,7 @@
+#!/bin/bash -x
+VERSION=$1
+if [[ ! -z $VERSION ]]; then
+    docker build --pull --no-cache --rm=true --build-arg ELASTICSEARCH_VERSION="$VERSION" -t openvidu/openvidu-elasticsearch:$VERSION .
+else
+    echo "Error: You need to specify a version as first argument"
+fi