From e8061b4ff1f09caa50499ed8d9a69482608c3fe9 Mon Sep 17 00:00:00 2001
From: Flole <flole@flole.de>
Date: Fri, 10 Dec 2021 19:20:18 +0100
Subject: [PATCH] Mitigate potential Remote-Code-Execution caused by
 CVE-2021-44228

Signed-off-by: Flole <flole@flole.de>
---
 distributions/openhab/src/main/resources/bin/setenv     | 3 ++-
 distributions/openhab/src/main/resources/bin/setenv.bat | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/distributions/openhab/src/main/resources/bin/setenv b/distributions/openhab/src/main/resources/bin/setenv
index 8fe691719f..2e1cf6f75b 100755
--- a/distributions/openhab/src/main/resources/bin/setenv
+++ b/distributions/openhab/src/main/resources/bin/setenv
@@ -110,7 +110,8 @@ export JAVA_OPTS="${JAVA_OPTS}
   -Dorg.apache.cxf.osgi.http.transport.disable=true
   -Dorg.ops4j.pax.web.listening.addresses=${HTTP_ADDRESS}
   -Dorg.osgi.service.http.port=${HTTP_PORT}
-  -Dorg.osgi.service.http.port.secure=${HTTPS_PORT}"
+  -Dorg.osgi.service.http.port.secure=${HTTPS_PORT}
+  -Dlog4j2.formatMsgNoLookups=true"
 
 #
 # set JVM options
diff --git a/distributions/openhab/src/main/resources/bin/setenv.bat b/distributions/openhab/src/main/resources/bin/setenv.bat
index aea0e94841..8a07fcd45a 100644
--- a/distributions/openhab/src/main/resources/bin/setenv.bat
+++ b/distributions/openhab/src/main/resources/bin/setenv.bat
@@ -127,7 +127,8 @@ set JAVA_OPTS=%JAVA_OPTS% ^
   -Dorg.apache.cxf.osgi.http.transport.disable=true ^
   -Dorg.ops4j.pax.web.listening.addresses=%HTTP_ADDRESS% ^
   -Dorg.osgi.service.http.port=%HTTP_PORT% ^
-  -Dorg.osgi.service.http.port.secure=%HTTPS_PORT%
+  -Dorg.osgi.service.http.port.secure=%HTTPS_PORT% ^
+  -Dlog4j2.formatMsgNoLookups=true
 
 :: set jvm options
 set EXTRA_JAVA_OPTS=-XX:+UseG1GC ^