
For Tridion Sites 9.5 and Elasticsearch, what log4j remediation actions are advised?

Article Type: Solution Article
Scope/Environment: Tridion Sites 9.5 and Elasticsearch 7.7 (also applicable to Sites 9.x product versions)
Symptoms/Context
- For Tridion Sites 9.5 and other product versions, see KB article Log4j vulnerability impact on Tridion Sites 9.5 and other versions
- Administrator has installed Elasticsearch 7.7 to an on-premise server for the Experience Optimization or the Content Delivery search functionality.
- Administrator would like to know whether the log4j-1.2-api-2.11.1.jar file included in the Elasticsearch installation is a security vulnerability and how to address this if so.
Resolution
Elasticsearch is not supported by RWS, but there is this comment on the Elasticsearch forum:
https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476
"The simplest remediation is to set the JVM option -Dlog4j2.formatMsgNoLookups=true and restart each node of the cluster.
For Elasticsearch 5.6.11+, 6.4+, and 7.0+, this provides full protection against the RCE and information leak attacks."


This is what RWS has done in our Tridion Sites hosted environments. However, an administrator may also explore the other options discussed in the Elasticsearch announcement if desired.
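
One way to apply and verify the JVM option on a node, as an added example that is not part of the original article or of RWS or Elastic tooling. It assumes the node reads its JVM flags from the options file whose path you pass in; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: idempotently set -Dlog4j2.formatMsgNoLookups=true in an
# Elasticsearch JVM options file (path supplied by the caller, an assumption).
OPT='-Dlog4j2.formatMsgNoLookups'
# Optional JDK version prefix allowed by jvm.options syntax, e.g. "8:" or "8-:".
PFX='([0-9]+(-[0-9]*)?:)?'

# Return 0 only if an unprefixed, uncommented "=true" line exists and no other
# active line (version-prefixed or not) sets the option to a different value.
is_mitigated() {
    grep -Eiq "^[[:space:]]*${OPT}=true[[:space:]]*\$" "$1" || return 1
    ! grep -Ei "^[[:space:]]*${PFX}${OPT}=" "$1" | grep -Eivq "=true[[:space:]]*\$"
}

# Return 0 if already compliant, 10 if the file was changed (restart needed),
# 1 on error. A backup is written to <file>.bak before any change.
ensure_mitigation() {
    file=$1
    is_mitigated "$file" && return 0
    cp -p "$file" "$file.bak" || return 1
    # Comment out every active occurrence so exactly one setting remains.
    sed -E "s/^([[:space:]]*${PFX}${OPT}=.*)\$/# \1/" "$file.bak" > "$file" || return 1
    # Leading newline guards against a file that lacks a trailing newline.
    printf '\n%s=true\n' "$OPT" >> "$file" || return 1
    return 10
}

# Usage: sh ensure_nolookups.sh /path/to/jvm.options
if [ "$#" -eq 1 ]; then
    ensure_mitigation "$1"
    case $? in
        0)  echo "already set in $1" ;;
        10) echo "updated $1 (backup: $1.bak); restart each node of the cluster" ;;
        *)  echo "failed to update $1" >&2; exit 1 ;;
    esac
fi
```

Lines that are commented out, or that set the option to anything other than true, do not count as mitigated, so a leftover `=false` entry is caught rather than silently shadowing the fix.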