To increase security we’d like to consider disabling script execution by the process engine. That atriclehttps://docs.camunda.org/manual/latest/user-guide/security/#script-execution states
Consider disabling execution of scripts all together if the feature is not needed. See also: Custom Code & Security
However neither the provided link has any details how to do so nor I could find any other details how that can be achieved.
Is that possible - to disable script executions?
@alexey.kadyrov have you tried these process engine property options?
setEnableFetchScriptEngineFromProcessApplication(false);
It can be configured in processes.xml or bpm-platform.xml or camunda-cfg.xml file too.
<property name = "enableFetchScriptEngineFromProcessApplication" value = "false" />
We are using the Community edition docker image.
I tried to set the property in the bpm-platform.xml like:
<properties> <property name="history">full</property> <property name="databaseSchemaUpdate">false</property> <property name="authorizationEnabled">true</property> <property name="jobExecutorDeploymentAware">false</property> <property name="historyCleanupBatchWindowStartTime">00:01</property> <property name="enableFetchScriptEngineFromProcessApplication">false</property> </properties> ...
But it didn’t make any difference a script task with Groovy script was still executed. (See the example process
scripting-tests.bpmn (3.0 KB) )