Merge pull request #1315 from edx/feanil/elasticsearch_scripting

Disable dynamic scripting for elasticsearch.

playbooks/roles/elasticsearch/templates/edx/etc/elasticsearch/elasticsearch.yml.j2

@@ -16,6 +16,11 @@ path.logs: {{elasticsearch_log_dir}}
 #
 bootstrap.mlockall: true
 
+# Disable dynamic scripting as it is insecure and we don't use it
+# See: http://bouk.co/blog/elasticsearch-rce/
+# CVE: CVE-2014-3120
+script.disable_dynamic: true
+
 # Unicast discovery allows to explicitly control which nodes will be used
 # to discover the cluster. It can be used when multicast is not present,
 # or to restrict the cluster communication-wise.
@@ -37,4 +42,4 @@ bootstrap.mlockall: true
 
 discovery.zen.ping.unicast.hosts: ['{{hosts|join("\',\'") }}']
 
-{% endif -%}
+{% endif -%}
\ No newline at end of file