From 4b173eaddba0336130418be7906ea83b53b75464 Mon Sep 17 00:00:00 2001
From: Jeremy Stanley <fungi@yuggoth.org>
Date: Fri, 10 Dec 2021 20:07:36 +0000
Subject: [PATCH] No lookups in Gerrit's log4j2 message formatting

This is a safety net in case Gerrit or one of its plugins is using
log4j2 in unsafe ways.

Change-Id: I9d0a05fdad379a1e47f88cc6faa9425614f6515b
---
 playbooks/roles/gerrit/templates/docker-compose.yaml.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/playbooks/roles/gerrit/templates/docker-compose.yaml.j2 b/playbooks/roles/gerrit/templates/docker-compose.yaml.j2
index 98ef98b41f..4f370e4f29 100644
--- a/playbooks/roles/gerrit/templates/docker-compose.yaml.j2
+++ b/playbooks/roles/gerrit/templates/docker-compose.yaml.j2
@@ -33,6 +33,7 @@ services:
     environment:
       JAVA_OPTIONS: >-
         -Xlog:gc*:file=/var/gerrit/logs/jvm_gc.log:time,uptime,tid,level,tags:filecount=10,filesize=20M
+        -Dlog4j2.formatMsgNoLookups=true
 {% if gerrit_heap_limit is defined %}
         -Xmx{{ gerrit_heap_limit }}
 {% endif %}