I noticed that for the latest log4j2 vulnerabilities ES was updated. Any idea if and when Elasticsearch-oss will be updated?
Elasticsearch since 7.11 no longer have an OSS distribution and prior releases are no longer maintained. I therefore would not expect older OSS versions to get patched. I would recommend looking at the release notes and blog posts published on the topic for further details.
2 Likes
Welcome to our community! 
That is correct, our standard practise it so not back patched older releases and release newer ones with the fix. You will need to upgrade to get the fix.
Is there any documentation on what changed between the versions specifically Elasticsearch-oss and not? Or is it pretty much the same configs?
It's the same.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.