Hello Atlassian team,
I would like to know what are the stepts to follow to apply this manual remediation:
"The simplest remediation is to set the JVM option -Dlog4j2.formatMsgNoLookups=true and restart each node of the cluster.
For Elasticsearch 5.6.11+, 6.4+, and 7.0+, this provides full protection against the RCE and information leak attacks."
Which has been mentioned in the site: https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html?utm_source=alert-email&utm_medium=email&utm_campaign=Bitbucket%20Server%20and%20Data%20Center-advisory_december-2021_EML-12112&jobid=105331767&subid=1615953481
Since my product is Only Read Access, I have disabled the following services, is this useful?
Atlassian Bitbucket Elasticsearch 6.5.3 (AtlassianBitbucketElasticsearch)
Atlassian Bitbucket AtlassianBitbucket
Regards,
