Hi,
We are currently running an ELK stack with version 8.13.4. We do not have a license, so PDF and PNG reporting features are not available in our environment. However, we are using the CSV reporting functionality. I would like to confirm whether our environment is affected by CVE-2025-2135, given that we only use the CSV export feature and do not have PDF/PNG reporting enabled.
Additionally, do we still need to take any precautionary measures or is it strongly recommended that we upgrade to a newer version, even though we are not using PDF or PNG reporting?
Thank you!