OpenSSL vulnerability in Logstash directory

Security scans have found this OpenSSL vulnerability in the Logstash directory.
We are trying to upgrade OpenSSL to version 3.0.8 or later on the production server. The current version on the server is 3.0.3.

Could you please suggest any way to upgrade the OpenSSL to the same Logstash version? We are using Logstash 6.4.0.

What will be the impact if we delete the existing OpenSSL folder?

It is not clear which OpenSSL you are referring to, since you didn't share anything, but you cannot remove or update anything inside the Logstash folder.

You will need to update the entire Logstash. Also, 6.4.0 is not supported anymore; it has already reached EOL.

You should update to 7.17 or 8.9.

Thank you for the information.

There is some backward compatibility issue, so we won't be able to upgrade to 7.17 or 8.9.
But we can do 6.8.23.
Could you please confirm if version 6.8.23 doesn't have the vulnerability CVE-2023-3446?

nvd.nist.gov/vuln/detail/CVE-2023-3446

6.8 is also not supported anymore; it reached EOL in February last year, so any new vulnerabilities will not be fixed.

You will need to install it and check whether the OpenSSL version is vulnerable to this CVE; I do not run 6.8 anymore.

Thank you very much @leandrojmp
