ONLYOFFICE 7.0: online forms, password protection in sheets, collaboration improvements and much more
ONLYOFFICE 7.0 released

Important: protect your ONLYOFFICE Workspace against the security issue in log4j

Hello!

For your information – ONLYOFFICE Workspace does not use the log4j library, that’s why our code is not affected by the important security issue in log4j.

However, ONLYOFFICE Workspace provides the implemented Elasticsearch service for full-text search and indexing which is affected by the mentioned vulnerability.

To fully protect your ONLYOFFICE Workspace against the security issue in log4j, please check the official recommendations from Elasticsearch and follow our instructions.

For Docker

  1. Get SSH access to ONLYOFFICE Community Server. Usually, you can do it with the following command:
    docker exec -it onlyoffice-community-server /bin/bash

  2. Edit the /etc/elasticsearch/jvm.options file by adding the following line:

    -Dlog4j2.formatMsgNoLookups=true

  3. Restart ONLYOFFICE Community Server:

    docker stop onlyoffice-community server

    docker start onlyoffice-community-server

Note: please execute these commands from the host system and NOT inside the Docker container.

For CentOS/Debian

  1. Edit the /etc/elasticsearch/jvm.options file by adding the following line:

    -Dlog4j2.formatMsgNoLookups=true

  2. Restart Elasticsearch:

    systemctl restart elasticsearch

For Windows

  1. Get access to ONLYOFFICE Community Server.

  2. Edit the %programdata%\Elastic\Elasticsearch\config\jvm.options file by adding the following line:

    -Dlog4j2.formatMsgNoLookups=true

  3. Restart the service: Elasticsearch

Please don’t hesitate to contact our support team or reach out to us on forum if you have any additional questions.

Stay safe!

Sincerely,

ONLYOFFICE Team

www.onlyoffice.com