Log4j vulnerability threat impact on Elasticsearch and Logstash versions below 5

Can anyone please confirm whether Elasticsearch and Logstash versions below 5 are also impacted with Log4j vulnerability threat ?

Those versions are EOL and unsupported, please upgrade as a matter of urgency.

Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 has more info.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.