Elasticsearch version 1.1.1 used in Talend Log Server has a security vulnerability issue, and this article proposes a solution to this issue that impacts Talend products versions 5.4.x to 5.6.1.
For more information on this issue, please read the Security Issues page on the Elastic official website.
This article only applies to Talend products version between 5.4.x to 5.6.1.
If you are running a Talend product with a version between 5.4.x and 5.6.1, and you have the Talend Log Server installed, you need to complete the following configuration changes to properly secure your system:
Edit the file and add the following lines to disable dynamic scripting:
script.disable_dynamic: true http.cors.allow-origin: "http://TAC_SERVER_HOST:TAC_SERVER_PORT"