My company checks for vulnerabilities and I see a bunch of vulnerabilities in Logstash. An example is below.
To fix this vulnerability, should I upgrade Guava, or does JRuby need to be upgraded? If JRuby needs to be upgraded, where can I find which versions of JRuby Logstash is compatible with?
If I need to upgrade Guava separately, where can I find the dependency map for this?
Neither. You cannot upgrade the individual components and libraries used by Logstash; you would need to upgrade to a new Logstash version, if available.
If you are not on the latest versions of Logstash, which are 7.17.13 for version 7 and 8.10.0 for version 8, you need to upgrade to the latest version.
If the vulnerability is still being detected after the upgrade, you will need to report it to Elastic by e-mail at security@elastic.co and wait for a fix.