As the title states, is Elasticsearch vulnerable for the new Log4j vulnerability CVE-2021-44832 ? This is a new vulnerability of which the details were released a few hours ago. Or is this prevented by the security manager?

Log4j CVE-2021-44832 (released 28th dec) - is ES vulnerable?

Ayush_Mathur (Ayush Mathur) January 7, 2022, 5:16pm 9

As mentioned in the same link I provided earlier, 7.16.3 is targeted for 13th Jan.

1 Like

Topic		Replies	Views
Does Log4j vulnerability (CVE-2021-44228) is impacted for ES v7.5.2? Elasticsearch	2	1269	January 17, 2022
Log4j on Elasticsearch 7.9.2 Elasticsearch	9	3344	February 14, 2022
Is Elasticsearch affected by CVE-2021-45046 - a second vulnerability in log4j? Elasticsearch	2	5953	January 12, 2022
How do I Mitigate LOG4J CVE on Elasticsearch 7.4.0? Elasticsearch	3	613	January 4, 2023
When will the next patch be released for Elasticsearch Elasticsearch	8	1626	January 17, 2022