From cfccbe05c158b75e520581f86e9668291da5c70a Mon Sep 17 00:00:00 2001
From: allegroai <>
Date: Tue, 14 Dec 2021 15:15:11 +0200
Subject: [PATCH] Add precautionary mitigation for Apache Log4j2 Remote Code
 Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31

---
 docker/docker-compose.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index f171f78..068ac60 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -39,7 +39,7 @@ services:
       - backend
     container_name: clearml-elastic
     environment:
-      ES_JAVA_OPTS: -Xms2g -Xmx2g
+      ES_JAVA_OPTS: -Xms2g -Xmx2g -Dlog4j2.formatMsgNoLookups=true
       ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
       bootstrap.memory_lock: "true"
       cluster.name: clearml
@@ -123,7 +123,9 @@ services:
       - backend
     container_name: clearml-agent-services
     image: allegroai/clearml-agent-services:latest
-    restart: unless-stopped
+    deploy:
+      restart_policy:
+        condition: on-failure
     privileged: true
     environment:
       CLEARML_HOST_IP: ${CLEARML_HOST_IP}
@@ -144,6 +146,7 @@ services:
       GOOGLE_APPLICATION_CREDENTIALS: ${GOOGLE_APPLICATION_CREDENTIALS:-}
       CLEARML_WORKER_ID: "clearml-services"
       CLEARML_AGENT_DOCKER_HOST_MOUNT: "/opt/clearml/agent:/root/.clearml"
+      SHUTDOWN_IF_NO_ACCESS_KEY: 1
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - /opt/clearml/agent:/root/.clearml