Add precautionary mitigation for Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31

2025-03-03 10:43:10 +00:00 · 2021-12-14 15:15:11 +02:00 · 2021-12-14 15:15:11 +02:00 · cfccbe05c1
commit cfccbe05c1
parent e352a6a1e7
1 changed files with 5 additions and 2 deletions
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@ -39,7 +39,7 @@ services:
      - backend
    container_name: clearml-elastic
    environment:
-      ES_JAVA_OPTS: -Xms2g -Xmx2g
+      ES_JAVA_OPTS: -Xms2g -Xmx2g -Dlog4j2.formatMsgNoLookups=true
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
      bootstrap.memory_lock: "true"
      cluster.name: clearml
@ -123,7 +123,9 @@ services:
      - backend
    container_name: clearml-agent-services
    image: allegroai/clearml-agent-services:latest
-    restart: unless-stopped
+    deploy:
+      restart_policy:
+        condition: on-failure
    privileged: true
    environment:
      CLEARML_HOST_IP: ${CLEARML_HOST_IP}
@ -144,6 +146,7 @@ services:
      GOOGLE_APPLICATION_CREDENTIALS: ${GOOGLE_APPLICATION_CREDENTIALS:-}
      CLEARML_WORKER_ID: "clearml-services"
      CLEARML_AGENT_DOCKER_HOST_MOUNT: "/opt/clearml/agent:/root/.clearml"
+      SHUTDOWN_IF_NO_ACCESS_KEY: 1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/clearml/agent:/root/.clearml