This is an automated email from the ASF dual-hosted git repository.
dlmarion pushed a commit to branch 2.1
in repository https://gitbox.apache.org/repos/asf/accumulo.git
The following commit(s) were added to refs/heads/2.1 by this push:
new ffbfb3eb55 Implement workaround in accumulo-env.sh for OpenTelemetry
CVE (#6288)
ffbfb3eb55 is described below
commit ffbfb3eb550a592a86bcf2a7861d181b4fdae57a
Author: Dave Marion <[email protected]>
AuthorDate: Thu Apr 2 14:53:46 2026 -0400
Implement workaround in accumulo-env.sh for OpenTelemetry CVE (#6288)
Added a system property in accumulo-env.sh to disable the RMI
instrumentation of the OpenTelemetry Java Agent. See
https://github.com/apache/accumulo/security/dependabot/25 for
more information.
Co-authored-by: Daniel Roberts <[email protected]>
---
assemble/conf/accumulo-env.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/assemble/conf/accumulo-env.sh b/assemble/conf/accumulo-env.sh
index 6a515ab276..3fc174d897 100644
--- a/assemble/conf/accumulo-env.sh
+++ b/assemble/conf/accumulo-env.sh
@@ -117,6 +117,8 @@ JAVA_OPTS=("-Daccumulo.log.dir=${ACCUMULO_LOG_DIR}"
"-Dlog4j2.statusLoggerLevel=ERROR"
"-Dlog4j2.contextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector"
"-Dotel.service.name=${ACCUMULO_SERVICE_INSTANCE}"
+ # Mitigation for CVE-2026-33701
+ "-Dotel.instrumentation.rmi.enabled=false"
"${JAVA_OPTS[@]}"
)
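Review bot: in the JAVA_OPTS array the added "-Dotel.instrumentation.rmi.enabled=false" entry sits before "${JAVA_OPTS[@]}", so a value for the same property already present in the caller's JAVA_OPTS is appended after it and, with the usual last-occurrence-wins handling of duplicate -D properties, would turn the RMI instrumentation back on. If the mitigation is meant to be non-overridable, place the entry after "${JAVA_OPTS[@]}"; if operator override is intended, say so in the comment. The "# Mitigation for CVE-2026-33701" comment could also state when the flag can be dropped (for example, once the OpenTelemetry Java Agent in use is a fixed release), so the setting does not linger after the dependency is updated.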