mirror of https://github.com/OpenVidu/openvidu.git
16 lines
896 B
Docker
16 lines
896 B
Docker
ARG ELASTICSEARCH_VERSION
|
|
FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTICSEARCH_VERSION}
|
|
|
|
# Remove class which causes the CVE-2021-44228 and CVE-2021-45046 and disable log4j Message lookup
|
|
# Elasticsearch mention that versions using jdk9+ they use a property which makes elasticsearch not susceptible of
|
|
# RCE or DNS lookup. This is just to be 100% sure that the library can not potentialy in the future be triggered.
|
|
# Those mitigation are the recommended ones:
|
|
# - https://xeraa.net/blog/2021_mitigate-log4j2-log4shell-elasticsearch/
|
|
# - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476
|
|
ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true
|
|
RUN for jar_file in $(find / -name '*.jar' -exec grep -Hls JndiLookup.class {} \;); do \
|
|
zip -q -d "${jar_file}" org/apache/logging/log4j/core/lookup/JndiLookup.class; \
|
|
done
|
|
|
|
|