Fixing vulnerabilities in Logstash code

My company checks for vulnerabilities and I see a bunch of vulnerabilities in Logstash. An example is below.

To fix this vulnerability, should I upgrade Guava, or does JRuby need to be upgraded? If JRuby needs to be upgraded, where can I find which versions of JRuby Logstash is compatible with?

If I need to upgrade Guava separately, where can I find the dependency map for this?

com.google.guava:guava 18.0 24.1.1 Java usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/ruby-maven-libs-3.3.9/maven-home/lib/guava-18.0.jar

None. You cannot upgrade the individual components and libraries used by Logstash; you would need to upgrade to a new Logstash version, if available.

If you are not on the latest versions of Logstash, which are 7.17.13 for version 7 and 8.10.0 for version 8, you need to upgrade to the latest version.

If after the upgrade the vulnerability is still being detected, you will need to report it to Elastic through the e-mail security@elastic.co and wait for a fix.
