Patch log4j vulnerability on Windows

Hi,
I was following instructions from: Elasticsearch 5.0.0-5.6.10 and 6.0.0-6.3.2: Log4j CVE-2021-44228, CVE-2021-45046 remediation
But changed it to PowerShell commands as I am running Elasticsearch on Windows:

Copy-Item -Path "C:\elasticsearch\lib\log4j-core-2.11.1.jar" -Destination "C:\"
[System.Reflection.Assembly]::LoadWithPartialName('System.IO.Compression.FileSystem')
[System.IO.Compression.ZipFile]::ExtractToDirectory("C:\elasticsearch\lib\log4j-core-2.11.1.jar", "C:\log4j-core-2.11.1")
 
Remove-Item -Path "C:\log4j-core-2.11.1\org\apache\logging\log4j\core\lookup\JndiLookup.class"
 
[System.IO.Compression.ZipFile]::CreateFromDirectory("C:\log4j-core-2.11.1\", "C:\test\log4j-core-2.11.1.jar")
 
Copy-Item -Path "C:\test\log4j-core-2.11.1.jar" -Destination "C:\elasticsearch\lib\" -Force -Verbose

The problem is that Elasticsearch is not starting after this change. I am getting the following exception:

Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/config/properties/PropertiesConfigurationFactory
at org.elasticsearch.cli.CommandLoggingConfigurator.configureLoggingWithoutConfig(CommandLoggingConfigurator.java:40)
at org.elasticsearch.cli.Command.main(Command.java:87)
at org.elasticsearch.common.settings.KeyStoreCli.main(KeyStoreCli.java:43)
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.config.properties.PropertiesConfigurationFactory
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:606)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:168)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
... 3 more
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/config/properties/PropertiesConfigurationFactory
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:90)
Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.core.config.properties.PropertiesConfigurationFactory
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:606)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:168)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
... 1 more

Elasticsearch version: 7.9.2

Is there a workaround for this?

This document is for a different version of Elasticsearch than the one you're using.
Please read the main post about this vulnerability: Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31
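
A check for the repack step in the question above, as an added example that is not part of the original thread: it compares the entry names of a repacked jar against the original without extracting either one, and reports entries that went missing or names stored with backslashes, which the JVM's `/`-separated class lookup will not match. The function names and the sample jars are constructed for illustration.

```powershell
# Added example, not from the thread. Function names and sample jars are constructed.
Add-Type -AssemblyName System.IO.Compression
Add-Type -AssemblyName System.IO.Compression.FileSystem

$JndiEntry = 'org/apache/logging/log4j/core/lookup/JndiLookup.class'

function Get-JarEntryName([string]$Path) {
    # Read entry names exactly as stored in the archive, without extracting.
    $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
    try { @($zip.Entries | ForEach-Object { $_.FullName }) }
    finally { $zip.Dispose() }
}

function Test-RepackedJar([string]$Original, [string]$Repacked) {
    # Directory entries (names ending in '/') are optional in a jar; compare files only.
    $before = @(Get-JarEntryName $Original | Where-Object { -not $_.EndsWith('/') })
    $after  = @(Get-JarEntryName $Repacked | Where-Object { -not $_.EndsWith('/') })
    [pscustomobject]@{
        JndiLookupRemoved = $after -notcontains $JndiEntry
        # The JVM looks classes up by '/'-separated entry name.
        BackslashNames    = @($after | Where-Object { $_.Contains('\') })
        MissingEntries    = @($before | Where-Object { $_ -ne $JndiEntry -and $after -notcontains $_ })
        UnexpectedEntries = @($after | Where-Object { $before -notcontains $_ })
    }
}

function New-SampleJar([string]$Path, [string[]]$Names) {
    # Constructed test input: an archive of empty entries with the given names.
    $zip = [System.IO.Compression.ZipFile]::Open($Path, 'Create')
    try { foreach ($n in $Names) { [void]$zip.CreateEntry($n) } }
    finally { $zip.Dispose() }
}

# Build three constructed jars in a temp directory: original, clean repack, bad repack.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) ([guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$factory = 'org/apache/logging/log4j/core/config/properties/PropertiesConfigurationFactory.class'
New-SampleJar "$dir\original.jar" @('META-INF/MANIFEST.MF', $JndiEntry, $factory)
New-SampleJar "$dir\good.jar"     @('META-INF/MANIFEST.MF', $factory)
New-SampleJar "$dir\bad.jar"      @('META-INF\MANIFEST.MF', $factory.Replace('/', '\'))

Test-RepackedJar "$dir\original.jar" "$dir\good.jar" | Format-List
Test-RepackedJar "$dir\original.jar" "$dir\bad.jar"  | Format-List
Remove-Item -Recurse -Force $dir
```

A repacked jar is safe to copy back only when `JndiLookupRemoved` is true and the other three lists are empty.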
