Fix CVE-2014-3120, elasticsearch: remote code execution flaw via dynamic scripting Index: elasticsearch/config/elasticsearch.yml =================================================================== --- elasticsearch.orig/config/elasticsearch.yml +++ elasticsearch/config/elasticsearch.yml @@ -23,6 +23,8 @@ # For information on supported formats and syntax for the config file, see # +# CVE-2014-3120: Disable dynamic scripting by default +script.disable_dynamic: true ################################### Cluster ###################################