Hi, As per the release notes of Elasticserch 6.8.21, the vulnerability CVE-2021-44228 is addressed by removing the class file JndiLookup.class from the log4j jar. We have upgraded our application with Elasticsearch 6.8.21 and I see the class file is removed from log4j jar. However I found another J…

Log4j vulnerability and Elasticsearch 6.8.21

system (system) Closed January 13, 2022, 7:00am 2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Log4j vulnerability in Elastic Search 7.16.1 Elasticsearch	2	882	May 18, 2022
Elasticsearch 5.0.0-5.6.10 and 6.0.0-6.3.2: Log4j CVE-2021-44228, CVE-2021-45046 remediation Security Announcements	1	33018	November 4, 2022
Log4j CVE-2021-44832 (released 28th dec) - is ES vulnerable? Elasticsearch	10	6793	February 7, 2022
Is Elasticsearch affected by CVE-2021-45046 - a second vulnerability in log4j? Elasticsearch	2	6007	January 12, 2022
Does Log4j vulnerability (CVE-2021-44228) is impacted for ES v7.5.2? Elasticsearch	2	1305	January 17, 2022