Logstash vulnerabilities around ruby-maven-libs

my company is pushing me for fixing vulnerablities in logstash, at this point i am in learning mode.

when i looking at the below vulnerablity, does this need ruby-maven-libs upgrade or just guava upgrade

Required_Version Language Install_Path com.google.guava:guava 18.0 24.1.1 Java usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/ruby-maven-libs-3.3.9/maven-home/lib/guava-18.0.jar


Please check your other posts about similar issues, the answer is the same.

You cannot upgrade individual dependencies, you need to upgrade the entire Logstash, if the latest version still does not have this fixed you need to report to elastic using the e-mail security@elastic.co.

1 Like

thanks emailed security@

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.