Fix log4j :upgrade ES version OR replace log4j.jar to 2.17.2

At present, we have more than 500 Elasticsearch clusters, with thousands of nodes. The Elasticsearch versions are 6.3.2, 7.2 and 7.4. In order to solve the log4j vulnerability, if you choose to upgrade the Elasticsearch version on a large scale, it will affect the online business. The cost is relatively high. I have recently referred to other repair methods, such as replacing the log4j jar version with 2.17.2. Which method is currently considered? give me some advice

Have a look at this thread.

Thank you, if I can't use the solution of replacing the jar package,
can I refer to this solution :

It seems like that would apply to your 6.3.2 clusters but not the 7.x ones.

Yes, only handles Elasticsearch version 6.3.2, excluding 7.x

Elasticsearch version 6.3 is EOL and no longer supported. Please upgrade ASAP.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns :elasticheart: )

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.