Elastic Diagnostics and Log4j2 vulnerability

newschapmj1 · January 8, 2022, 4:54pm

Does upgrading to 8.2.6 fix all known Log4j2 issues with Elastic Diagnostics?

Should it be on the Elastic list of software affected by Log4j2 to remind users to upgrade?

warkolm · January 9, 2022, 9:31pm

This is not a product that we support in the same way as we would the Elastic Stack, so it's not going to be listed in the main announcement, no.

There will likely be an upgrade to it with the new library, yes.

system · February 6, 2022, 9:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 Security Announcements	7	347387	November 4, 2022
When will the next patch be released for Elasticsearch Elasticsearch	8	1624	January 17, 2022
How do I Mitigate LOG4J CVE on Elasticsearch 7.4.0? Elasticsearch	3	610	January 4, 2023
Does Log4j vulnerability (CVE-2021-44228) is impacted for ES v7.5.2? Elasticsearch	2	1268	January 17, 2022
Log4j on Elasticsearch 7.9.2 Elasticsearch	9	3338	February 14, 2022