Hi All,
I have configured Elasticsearch 7.17 version on the system but not sure if it is open source, non-licensed, and log4j vulnerable or not. If it is not all of the three, please suggest me a version which has all three:
1.Open Source
2.Non-Licensed
3.Not Log4j Vulnerable
Thanks in Advance.
The last open source version was 7.10.2, after that all Elasticsearch versions need to use the Elastic license, the free one (basic) or one of the paid ones.
The log4j package in 7.10.2 was not updated to solve the log4j vulnerability, but if you want to use it you can use some mitigations described in this post.
Adding that "open-source" could mean something very different.
If you are asking for a free to use version, then you can use the 7.17.x version or even better 8.2.0 that has been released yesterday.
Hi,
Our main concern is we are looking for a non paid version as per the request of the client. And we seek the version support as well so are we good to go with 7.17 as we don't use any paid functionalities of ELK.
8.X Basic is free.
Apache licensed is licensed.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.