blob: 843fb06838b55e2b2062b21956c66e01efd4eba1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
Fix CVE-2014-3120, elasticsearch: remote code execution flaw via dynamic scripting
Index: elasticsearch/config/elasticsearch.yml
===================================================================
--- elasticsearch.orig/config/elasticsearch.yml
+++ elasticsearch/config/elasticsearch.yml
@@ -23,6 +23,8 @@
# For information on supported formats and syntax for the config file, see
# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup-configuration.html>
+# CVE-2014-3120: Disable dynamic scripting by default
+script.disable_dynamic: true
################################### Cluster ###################################
|