Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
ALERT: The support homepage carousel is not displaying. We are working toward a resolution.

Security issues of Elasticsearch v1.1.1 used in Talend Log Server

No ratings
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
TalendSolutionExpert
Contributor II
Contributor II

Security issues of Elasticsearch v1.1.1 used in Talend Log Server

Last Update:

Feb 9, 2024 1:22:49 PM

Updated By:

Jamie_Gregory

Created date:

Apr 1, 2021 6:03:01 AM

Overview

Elasticsearch version 1.1.1 used in Talend Log Server has a security vulnerability issue, and this article proposes a solution to this issue that impacts Talend products versions 5.4.x to 5.6.1.

For more information on this issue, please read the Security Issues page on the Elastic official website.

 

Environment

This article only applies to Talend products version between 5.4.x to 5.6.1.

Resolution

If you are running a Talend product with a version between 5.4.x and 5.6.1, and you have the Talend Log Server installed, you need to complete the following configuration changes to properly secure your system:

  1. Create a file called elasticsearch.yml in your Talend Log Server installation directory (/Talend/version/Talend_logServer_dir).

  2. Edit the file and add the following lines to disable dynamic scripting:

    script.disable_dynamic: true
http.cors.allow-origin: "http://TAC_SERVER_HOST:TAC_SERVER_PORT"
  3. Restart the Talend Log Server to incorporate your changes.
175 Views
Was this article helpful? Yes No
Version history
Last update:
‎2024-02-09 01:22 PM
Updated by:
Community Manager