From 2369a79995cffd724bfbdede3b6aac4969f83313 Mon Sep 17 00:00:00 2001
From: Jan Nylund
Date: Tue, 5 Aug 2014 15:47:55 +0300
Subject: [PATCH] Disable dynamic querys by default, to avoid remote code execution. See http://bouk.co/blog/elasticsearch-rce/
---
 module/app/com/github/cleverage/elasticsearch/IndexConfig.java | 2 +-
 module/conf/elasticsearch.yml | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/module/app/com/github/cleverage/elasticsearch/IndexConfig.java b/module/app/com/github/cleverage/elasticsearch/IndexConfig.java
index 37c0629..042d2f9 100644
--- a/module/app/com/github/cleverage/elasticsearch/IndexConfig.java
+++ b/module/app/com/github/cleverage/elasticsearch/IndexConfig.java
@@ -41,7 +41,7 @@ public class IndexConfig {
 public Boolean sniffing = true;

 /**
- * elasticsearch.local.config = configuration file load on local mode.
+ * elasticsearch.config.resource = configuration file load on local mode.
 * eg : conf/elasticsearch.yml
 */
 public String localConfig = null;
diff --git a/module/conf/elasticsearch.yml b/module/conf/elasticsearch.yml
index a33537f..5929457 100644
--- a/module/conf/elasticsearch.yml
+++ b/module/conf/elasticsearch.yml
@@ -3,3 +3,5 @@ cluster.name: play2-elasticsearch
 path.data: data
+
+script.disable_dynamic: true
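Review bot: Adding `script.disable_dynamic: true` to `module/conf/elasticsearch.yml` only protects nodes that actually load this file, and the first hunk shows `public String localConfig = null;` with a Javadoc saying the file is loaded in local mode, so an application that never sets `elasticsearch.config.resource`, or that connects to a remote cluster, would presumably still run with the server's own default. If "by default" is the goal, the setting would have to be applied where the local node's settings are built (not visible in this patch), or the documentation should tell users to point the config property at this file. The new line also carries no explanation; a comment above it such as `# Dynamic scripts are disabled: request-supplied scripts run inside the node and allow remote code execution. Re-enable only on a trusted network.` would keep a later edit from dropping it. This key belongs to the Elasticsearch 1.x line and was superseded by finer-grained script settings in later releases, so it needs revisiting whenever the bundled Elasticsearch version is upgraded.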