Scripting: remove groovy sandbox

Groovy sandboxing was disabled by default from 1.4.3 on though since we found out that it could be worked around, so it makes little sense to keep it and maintain it. Closes #10156 Closes #10480
2025-06-28 17:34:17 -04:00 · 2015-04-08 13:34:49 +02:00 · 2015-04-08 13:34:49 +02:00 · c914134355
commit c914134355
parent 371bc5a6b3
12 changed files with 15 additions and 532 deletions
--- a/docs/reference/modules/scripting.asciidoc
+++ b/docs/reference/modules/scripting.asciidoc
@ -11,26 +11,11 @@ The scripting module uses by default http://groovy.codehaus.org/[groovy]
 scripting language with some extensions. Groovy is used since it is extremely
 fast and very simple to use.

-.Groovy dynamic scripting disabled by default from v1.4.3
+.Groovy dynamic scripting off by default from v1.4.3
 [IMPORTANT]
 ===================================================

-Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have a vulnerability in the
-Groovy scripting engine.  The vulnerability allows an attacker to construct
-Groovy scripts that escape the sandbox and execute shell commands as the user
-running the Elasticsearch Java VM.
-
-If you are running a vulnerable version of Elasticsearch, you should either
-upgrade to at least v1.3.8 or v1.4.3, or disable dynamic Groovy scripts by
-adding this setting to the `config/elasticsearch.yml` file in all nodes in the
-cluster:
-
-[source,yaml]
-----------------------------------
-script.groovy.sandbox.enabled: false
-----------------------------------
-
-This will turn off the Groovy sandbox, thus preventing dynamic Groovy scripts
+Groovy dynamic scripting is off by default, preventing dynamic Groovy scripts
 from being accepted as part of a request or retrieved from the special
 `.scripts` index. You will still be able to use Groovy scripts stored in files
 in the `config/scripts/` directory on every node.
@ -351,39 +336,6 @@ The default scripting language (assuming no `lang` parameter is provided) is
 `groovy`. In order to change it, set the `script.default_lang` to the
 appropriate language.

-[float]
-=== Groovy Sandboxing
-
-Elasticsearch sandboxes Groovy scripts that are compiled and executed in order
-to ensure they don't perform unwanted actions. There are a number of options
-that can be used for configuring this sandbox:
-
-`script.groovy.sandbox.receiver_whitelist`::
-
-    Comma-separated list of string classes for objects that may have methods
-    invoked.
-
-`script.groovy.sandbox.package_whitelist`::
-
-    Comma-separated list of packages under which new objects may be constructed.
-
-`script.groovy.sandbox.class_whitelist`::
-
-    Comma-separated list of classes that are allowed to be constructed.
-
-`script.groovy.sandbox.method_blacklist`::
-
-    Comma-separated list of methods that are never allowed to be invoked,
-    regardless of target object.
-
-`script.groovy.sandbox.enabled`::
-
-    Flag to enable the sandbox (defaults to `false` meaning the sandbox is
-    disabled).
-
-When specifying whitelist or blacklist settings for the groovy sandbox, all
-options replace the current whitelist, they are not additive.
-
 [float]
 === Automatic Script Reloading