BSERV-13088 (Bitbucket Data Center)

Set -Dlog4j2.formatMsgNoLookups=true on bundled Elasticsearch

Description

      Questions about Apache Log4j 2 CVE-2021-44228

      If you have questions about Apache Log4j 2 CVE-2021-44228 please raise a support case via https://getsupport.atlassian.com
      For more information about CVE-2021-44228 see the security advisory Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228

      IMPORTANT NOTES
      • This patch is only effective on the Linux and macOS operating systems. If you are hosting Bitbucket on Windows, the mitigation described below (i.e. the jvm.options update) should be applied manually and the Elasticsearch service should be restarted.
      • This patch only affects the bundled Elasticsearch. If you are running a separate Elasticsearch instance (for example because Bitbucket is running in a multi-node cluster), consult Elastic security advisory ESA-2021-31 to determine whether any action is required to mitigate CVE-2021-44228.

      Bitbucket Server and Data Center include a bundled Elasticsearch, which may or may not be used depending on how Bitbucket is configured. Specifically:

      • By default Bitbucket will start the bundled Elasticsearch
      • If Bitbucket is started with the --no-search parameter then the bundled Elasticsearch is not started. This is common for Bitbucket clusters, where an external Elasticsearch must be used, one that is used by all nodes of the cluster.

      The vendor has made the following announcement regarding CVE-2021-44228: https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

      Elasticsearch 6 and 7 are not susceptible to remote code execution with this vulnerability due to our use of the Java Security Manager. Elasticsearch running on JDK8 or below is susceptible to an information leak via DNS which is fixable by the JVM option identified below.

      More details are supplied in that document in the section "Details on Elasticsearch information leakage".

      The mitigation for the above-mentioned information leak involves passing -Dlog4j2.formatMsgNoLookups=true to the JVM that runs Elasticsearch. This should be applied to the startup scripts Bitbucket ships.

      If you are unable to install an updated version of Bitbucket Server, make the following change to the Elasticsearch JVM options file then restart Bitbucket Server:

      Add the following line to the bottom of the file $BITBUCKET_HOME/shared/search/jvm.options:

      -Dlog4j2.formatMsgNoLookups=true
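      The manual change above, as an added example that is not part of Atlassian's patch or this issue: a POSIX shell helper that appends the JVM option to jvm.options only if an active (uncommented) copy is not already there, keeps a backup, and verifies the result. It assumes the file path the issue names and that the file may lack a trailing newline.

```shell
#!/bin/sh
# Added example, not Atlassian's patch. Applies the jvm.options mitigation from
# BSERV-13088 idempotently and verifies it. Assumes the bundled Elasticsearch
# reads $BITBUCKET_HOME/shared/search/jvm.options (path taken from the issue).

FLAG='-Dlog4j2.formatMsgNoLookups=true'
# Matches the flag only as an active line; a commented-out copy does not count.
PATTERN='^[[:space:]]*-Dlog4j2\.formatMsgNoLookups=true[[:space:]]*$'

# Return 0 if FILE already contains the flag as an uncommented line.
has_no_lookups() {
    grep -q -E -e "$PATTERN" -- "$1" 2>/dev/null
}

# Append the flag once to FILE, keeping a timestamped backup of the original.
# Return 0 if FILE contains the active flag afterwards.
ensure_no_lookups() {
    f="$1"
    if has_no_lookups "$f"; then
        echo "already mitigated: $f"
        return 0
    fi
    if [ -f "$f" ]; then
        cp -p -- "$f" "$f.bak.$(date +%Y%m%d%H%M%S)"
    fi
    # A file without a trailing newline would otherwise swallow the new
    # option into its last line; $(tail -c 1) is empty only when that
    # last byte is a newline.
    if [ -s "$f" ] && [ -n "$(tail -c 1 -- "$f")" ]; then
        printf '\n' >> "$f"
    fi
    printf '%s\n' "$FLAG" >> "$f"
    has_no_lookups "$f"
}

# Usage (after sourcing this file), then restart Bitbucket Server:
#   ensure_no_lookups "$BITBUCKET_HOME/shared/search/jvm.options"
```

      On Windows, the same check applies to the jvm.options file, but the Elasticsearch service must be restarted by hand as the notes above state.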

People

Assignee: Unassigned
Reporter: Ben Humphreys (behumphreys)