Is it possible to disable or remove log4j-core-2.17.1.jar from Logstash?


We are running on Logstash 8.8.0 and our IT security team has concern about the log4j-core-2.17.1.jar in the logstash-core\lib\jars.

Can we disable log4j totally in Logstash and remove the log4j-core-2.17.1.jar from the system?

What concerns? I don't think there is any active security issues regarding log4j, the RCE issues that affected log4j a couple of months ago where fixed in 2.17.1 as explained here.

You can't disable log4j totally in Logstash as it is needed.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.