Hello,
i am very new to the Elastic world, in fact i've started working with Elastic after the log4j security alert had happened so i am a beginner. i have a azure devops environment where i have Elasticsearch installed on the system as a prerequisites. The current elastic version is v6.2, the version of the Log4j running is 2.9.1. As i understand this version of the log4j contains the security vulnerability so i have deactivated the service in the environment to be safe.
I would like to know how to update the elastic prerequisites or should i update the log4j file itself? Is it even possible to update the elastic prerequisites or do i have to unistall the old version and then install the new one? i have searched a lot but found nothing regarding elastic with azure and how to update it to the newest version, also not in the official announcement.
I have also read this
according to this if i have an old log4j version i should remove the JndiLookup.class which is problematic, but would it simply be enough to just delete the class from the file?
Any help would be appreciated, thanks.