I have a 3-node ELK cluster in linux. Carbon Black scan picked up some vulnerable jar files. Should I: Upgrade Elasticsearch to 7.16 or later ? Remove the vulnerable JAR files ? Upgrade LOG4J components bundled in Elastic ad-hoc (to LOG4J2?)

Please Refer to the Official Thread on this. [image] Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 Security Announcements Subject: Apache Log4j2 Vulnerability - CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832 - ESA-2…

Discuss the Elastic Stack

How do I Mitigate LOG4J CVE on Elasticsearch 7.4.0?

Elastic Stack Elasticsearch

stephenb (Stephen Brown) December 7, 2022, 1:36am 3

Please Refer to the Official Thread on this.

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.