Security issues of Elasticsearch v1.1.1 used in Talend Log Server

Overview

Elasticsearch version 1.1.1, used in Talend Log Server, has a security vulnerability. This article proposes a fix for this issue, which affects Talend product versions 5.4.x to 5.6.1.
For more information on this issue, please read this page on the Elastic official website.

Environment

This article only applies to Talend product versions between 5.4.x and 5.6.1.

Resolution

If you are running a Talend product with a version between 5.4.x and 5.6.1, and you have the Talend Log Server installed, you need to make the following configuration changes to properly secure your system:

  1. Create a file called elasticsearch.yml in your Talend Log Server installation directory (/Talend/<version>/<Talend_logServer_dir>).
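  2. Edit the file and add the following lines to disable dynamic scripting and restrict the CORS origin to your TAC server (replace TAC_SERVER_HOST and TAC_SERVER_PORT with your TAC server's host and port):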

    script.disable_dynamic: true
    http.cors.allow-origin: "http://TAC_SERVER_HOST:TAC_SERVER_PORT"
  3. Restart Talend Log Server to take your changes into account.
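
A check for the file created in steps 1 and 2, added here as an example (it is not part of the original article or of Talend's tooling). It assumes the two settings are written as flat dotted keys, as shown above; the sample files and the host tac.example.internal are constructed.

```python
import re
import sys

PLACEHOLDERS = ("TAC_SERVER_HOST", "TAC_SERVER_PORT")
ORIGIN_RE = re.compile(r"https?://[^/\s:*]+(:\d+)?")

# Constructed sample files (tac.example.internal is a made-up host).
HARDENED = 'script.disable_dynamic: true\nhttp.cors.allow-origin: "http://tac.example.internal:8080"\n'
WEAK = 'script.disable_dynamic: false\nhttp.cors.allow-origin: "*"\n'
UNEDITED = 'script.disable_dynamic: true\nhttp.cors.allow-origin: "http://TAC_SERVER_HOST:TAC_SERVER_PORT"\n'


def parse_flat_settings(text):
    """Read 'dotted.key: value' lines. Assumption: keys are written flat,
    as in the article, not as nested YAML mappings."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        value = re.sub(r"\s+#.*$", "", value.strip())  # drop trailing comment
        settings[key.strip()] = value.strip("\"'")
    return settings


def audit(text):
    """Return findings; an empty list means both settings are in place."""
    cfg = parse_flat_settings(text)
    findings = []
    if cfg.get("script.disable_dynamic", "").lower() != "true":
        findings.append("script.disable_dynamic is not set to true")
    origin = cfg.get("http.cors.allow-origin")
    if origin is None:
        findings.append("http.cors.allow-origin is not set")
    elif any(p in origin for p in PLACEHOLDERS):
        findings.append("http.cors.allow-origin still contains the article's placeholder")
    elif not ORIGIN_RE.fullmatch(origin):
        findings.append("http.cors.allow-origin is not one scheme://host:port origin")
    return findings


if __name__ == "__main__":
    # Usage: python check_es_yml.py /path/to/elasticsearch.yml
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else HARDENED
    for finding in audit(source) or ["OK: both settings present"]:
        print(finding)
```

Run it against the elasticsearch.yml in the Talend Log Server installation directory before restarting in step 3; a wildcard origin or an unreplaced placeholder is reported as a finding.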

Version history
Revision #: 1 of 1
Last update: 04-13-2017 09:14 PM