Log4j in Elasticsearch prerequisites in Azure DevOps environment

Hello,

i am very new to the Elastic world, in fact i've started working with Elastic after the log4j security alert had happened so i am a beginner. i have a azure devops environment where i have Elasticsearch installed on the system as a prerequisites. The current elastic version is v6.2, the version of the Log4j running is 2.9.1. As i understand this version of the log4j contains the security vulnerability so i have deactivated the service in the environment to be safe.
I would like to know how to update the elastic prerequisites or should i update the log4j file itself? Is it even possible to update the elastic prerequisites or do i have to unistall the old version and then install the new one? i have searched a lot but found nothing regarding elastic with azure and how to update it to the newest version, also not in the official announcement.
I have also read this
according to this if i have an old log4j version i should remove the JndiLookup.class which is problematic, but would it simply be enough to just delete the class from the file?
Any help would be appreciated, thanks.

You should really upgrade, 6.2 is very much EOL and no longer supported.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.