https://bugzilla.redhat.com/show_bug.cgi?id=902086 --- Comment #123 from jiri vanek <jvanek@xxxxxxxxxx> --- (In reply to Paul Howarth from comment #121) > (In reply to jiri vanek from comment #116) > > (In reply to Zbigniew Jędrzejewski-Szmek from comment #115) > > > might install ES without realizing that it listens on the network by > > > default. Even if it is documented somewhere. It is also very likely that ES > > > will become a dependency of other packages. Having it default to accepting > > > commands from the network seems like something that will bite our users. > > > "Secure by default" is the general principle. > > > > > Hmm. I agree. But currently no idea. Crap. > > Does this not help? > > http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/setup- > configuration.html The only suspicious thing is network host in ES_HOME/config/elasticsearch.yml But only suspicious.It do not seem to protect against outside pushes. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review