From cbc7ff875cecfd6e819f6310d6f58bfdab8a0a15 Mon Sep 17 00:00:00 2001
From: Dave Marion
Date: Thu, 2 Apr 2026 12:12:47 +0000
Subject: [PATCH 1/3] Implement workaround in accumulo-env.sh for OpenTelemetry CVE

Added a system property in accumulo-env.sh to disable the RMI instrumentation of the OpenTelemetry Java Agent. See https://github.com/apache/accumulo/security/dependabot/25 for more information.
---
 assemble/conf/accumulo-env.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/assemble/conf/accumulo-env.sh b/assemble/conf/accumulo-env.sh
index 6a515ab276b..339c2c243e9 100644
--- a/assemble/conf/accumulo-env.sh
+++ b/assemble/conf/accumulo-env.sh
@@ -117,6 +117,7 @@ JAVA_OPTS=("-Daccumulo.log.dir=${ACCUMULO_LOG_DIR}"
 "-Dlog4j2.statusLoggerLevel=ERROR"
 "-Dlog4j2.contextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector"
 "-Dotel.service.name=${ACCUMULO_SERVICE_INSTANCE}"
+ "-Dotel.instrumentation.rmi.enabled=false"
 "${JAVA_OPTS[@]}"
 )
From d9ebb1410192766885e29da882b3b07fd5ab2c20 Mon Sep 17 00:00:00 2001
From: Dave Marion
Date: Thu, 2 Apr 2026 11:22:39 -0400
Subject: [PATCH 2/3] Update assemble/conf/accumulo-env.sh

Co-authored-by: Daniel Roberts
---
 assemble/conf/accumulo-env.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/assemble/conf/accumulo-env.sh b/assemble/conf/accumulo-env.sh
index 339c2c243e9..660a0f97fc0 100644
--- a/assemble/conf/accumulo-env.sh
+++ b/assemble/conf/accumulo-env.sh
@@ -117,6 +117,7 @@ JAVA_OPTS=("-Daccumulo.log.dir=${ACCUMULO_LOG_DIR}"
 "-Dlog4j2.statusLoggerLevel=ERROR"
 "-Dlog4j2.contextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector"
 "-Dotel.service.name=${ACCUMULO_SERVICE_INSTANCE}"
+# Mitigation for CVE-2026-33701
 "-Dotel.instrumentation.rmi.enabled=false"
 "${JAVA_OPTS[@]}"
 )
From 5263bd48b189d212e67613d61c937fef889a71b4 Mon Sep 17 00:00:00 2001
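Review bot: The new `"-Dotel.instrumentation.rmi.enabled=false"` entry is placed before `"${JAVA_OPTS[@]}"`, so a JAVA_OPTS value inherited from the environment that sets the same property comes later on the java command line and would presumably win (the JVM generally keeps the last duplicate `-D`), quietly re-enabling the RMI instrumentation. If the mitigation is meant to be enforced rather than a default, move the entry after `"${JAVA_OPTS[@]}"`; if an operator override is intended, say so in a comment beside it. The flag also only reaches installs that pick up this template, so sites running an existing copy of accumulo-env.sh need a release note telling them to add it by hand. The JAVA_OPTS array opens above the hunk.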
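Review bot: The added comment `# Mitigation for CVE-2026-33701` names the CVE but not the affected component or the condition for removing the flag, so a later maintainer cannot tell when it is safe to drop. Suggest `# Mitigation for CVE-2026-33701 (OpenTelemetry Java agent RMI instrumentation); remove once a fixed agent version is deployed`. The only other reference in the series is the Dependabot alert URL in the first commit message, which is typically visible to repository maintainers only, so the in-file comment is where most operators will learn the reason.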
From: Dave Marion
Date: Thu, 2 Apr 2026 16:25:54 +0000
Subject: [PATCH 3/3] Fix formatting

---
 assemble/conf/accumulo-env.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/assemble/conf/accumulo-env.sh b/assemble/conf/accumulo-env.sh
index 660a0f97fc0..3fc174d897a 100644
--- a/assemble/conf/accumulo-env.sh
+++ b/assemble/conf/accumulo-env.sh
@@ -117,7 +117,7 @@ JAVA_OPTS=("-Daccumulo.log.dir=${ACCUMULO_LOG_DIR}"
 "-Dlog4j2.statusLoggerLevel=ERROR"
 "-Dlog4j2.contextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector"
 "-Dotel.service.name=${ACCUMULO_SERVICE_INSTANCE}"
-# Mitigation for CVE-2026-33701
+ # Mitigation for CVE-2026-33701
 "-Dotel.instrumentation.rmi.enabled=false"
 "${JAVA_OPTS[@]}"
 )