path: root/debian/patches/0005-CVE-2014-3120-disable-dynamic-scripting.patch
Fix CVE-2014-3120, elasticsearch: remote code execution flaw via dynamic scripting
Index: elasticsearch/config/elasticsearch.yml
===================================================================
--- elasticsearch.orig/config/elasticsearch.yml
+++ elasticsearch/config/elasticsearch.yml
@@ -23,6 +23,8 @@
 # For information on supported formats and syntax for the config file, see
 # <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup-configuration.html>
 
+# CVE-2014-3120: Disable dynamic scripting by default
+script.disable_dynamic: true
 
 ################################### Cluster ###################################
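Review bot: The mitigation at `script.disable_dynamic: true` lives only in the shipped `config/elasticsearch.yml`, so it takes effect only on nodes that actually load this copy of the file. A node started with a different config file, or one whose locally modified config is kept on package upgrade, would presumably still run with the compiled-in default, which this patch does not touch. That limitation is worth stating in the patch description or the package NEWS so administrators check their own configuration. The added comment could also say what the setting guards against, e.g. `# CVE-2014-3120: reject scripts supplied in requests; set to false only if the HTTP API is unreachable by untrusted clients`.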