We have deployed the Bitnami Logstash image based on Logstash 7.16.3 in our environment on Azure AKS as a remediation for the CVE-2021-44832 log4j vulnerability. After redeploying Logstash, we noticed that Azure Defender still reported the image as affected by the vulnerability; Azure Defender's detection approach was to find log4j installs of affected versions using the locate command and the ls proc command. I am assuming that means the affected package versions still exist in the image.
The observation was puzzling, as the issue should be addressed by the update, and we are wondering what the cause could be. Has anyone encountered a similar issue? Should I just use later versions (>7.16.3), or what other approaches can I take to remediate or verify?
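
Added example, not part of the original post: a shell sketch for checking the scanner finding from inside the container by listing every `log4j-core` JAR on disk, and every one held open by a running process, with its status for CVE-2021-44832. The function names are hypothetical, versions are read from file names only (so JARs bundled inside other archives are not seen), and the fixed releases 2.17.1, 2.12.4 and 2.3.2 are taken from the Apache Log4j advisory rather than from this page.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names). Fixed releases for CVE-2021-44832
# per the Apache Log4j advisory: 2.17.1 (Java 8), 2.12.4 (Java 7), 2.3.2 (Java 6).

# version_ge A B: succeeds when version A >= B (relies on `sort -V`).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# classify_log4j VERSION: prints fixed, affected or unknown.
# Any 2.x version below the fix for its branch is reported as affected.
classify_log4j() {
  case "$1" in
    2.3.*)  version_ge "$1" 2.3.2  && echo fixed || echo affected ;;
    2.12.*) version_ge "$1" 2.12.4 && echo fixed || echo affected ;;
    2.*)    version_ge "$1" 2.17.1 && echo fixed || echo affected ;;
    *)      echo unknown ;;
  esac
}

# scan_log4j [ROOT]: one line per log4j-core JAR on disk: status, version, path.
scan_log4j() {
  local root="${1:-/}" jar ver
  find "$root" -type f -name 'log4j-core-*.jar' 2>/dev/null | sort |
  while IFS= read -r jar; do
    ver="$(basename "$jar" .jar)"
    ver="${ver#log4j-core-}"
    printf '%s\t%s\t%s\n' "$(classify_log4j "$ver")" "$ver" "$jar"
  done
}

# loaded_log4j [PROC]: log4j-core JARs that running processes hold open,
# resolved from the /proc/<pid>/fd symlinks (PROC defaults to /proc).
loaded_log4j() {
  local proc="${1:-/proc}" fd target
  for fd in "$proc"/[0-9]*/fd/*; do
    target="$(readlink "$fd" 2>/dev/null)" || continue
    case "$target" in
      *log4j-core-*.jar) echo "$target" ;;
    esac
  done | sort -u
}

# Usage inside the container:
#   scan_log4j /        # every copy present in the image filesystem
#   loaded_log4j        # copies actually opened by the running JVM
```

Comparing the paths printed here with the paths in the scanner finding shows whether an affected JAR is present in the running container at all, or whether the finding refers to a different image or layer.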