Regarding log4j vulnerability

Hello Team,

I am running ELK version 7.13 in my environment using docker compose, along with Filebeat 7.14, and have enabled the xpack security option.

I have restarted all three containers using docker compose and it completed successfully.

I just wanted to know whether I need to do anything to remediate the log4j vulnerability for my ELK stack.

Kindly suggest.

Thank you.
Sabil.

For a proper fix, you need to update

  • Disable JNDI lookups via the log4j2.formatMsgNoLookups system property #81622
  • Patch log4j jar to remove the JndiLookup class from the classpath #81629
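
An added example, not part of the reply above and not Elastic's own tooling: a check for whether the two mitigations listed are in place, by scanning for `log4j-core` jars that still contain the `JndiLookup` class and looking for the `log4j2.formatMsgNoLookups` flag in JVM options text. The jar names and directory layout are constructed samples, and nested jars inside other archives are not inspected.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Path of the JndiLookup class inside a log4j-core jar.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Matches an uncommented, plain JVM option line that sets the property to true.
NOLOOKUPS = re.compile(r"^\s*-Dlog4j2\.formatMsgNoLookups=true\s*$", re.M)

def jars_with_jndi_lookup(root):
    """Return names of log4j-core jars under root that still ship JndiLookup."""
    hits = []
    for jar in sorted(Path(root).rglob("log4j-core-*.jar")):
        try:
            with zipfile.ZipFile(jar) as zf:
                if JNDI_CLASS in zf.namelist():
                    hits.append(jar.name)
        except zipfile.BadZipFile:
            # A jar that cannot be opened cannot be cleared, so report it.
            hits.append(jar.name + " (unreadable, inspect manually)")
    return hits

def no_lookups_enabled(jvm_options_text):
    """True if an uncommented -Dlog4j2.formatMsgNoLookups=true line is present."""
    return bool(NOLOOKUPS.search(jvm_options_text))

def build_sample_tree(root):
    """Constructed sample: one unpatched jar, one patched jar, one corrupt file."""
    lib = Path(root) / "lib"
    lib.mkdir()
    with zipfile.ZipFile(lib / "log4j-core-unpatched.jar", "w") as zf:
        zf.writestr(JNDI_CLASS, b"")
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"")
    with zipfile.ZipFile(lib / "log4j-core-patched.jar", "w") as zf:
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"")
    (lib / "log4j-core-corrupt.jar").write_bytes(b"not a zip")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print("jars still containing JndiLookup:", jars_with_jndi_lookup(tmp))
    sample_opts = "-Xms1g\n-Dlog4j2.formatMsgNoLookups=true\n"  # constructed
    print("formatMsgNoLookups set:", no_lookups_enabled(sample_opts))
```

For a container deployment such as the one in this thread, the scan has to run against the filesystem inside each container image, not the host.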

Hello @FALEN,

Thank you for your reply. Let me update my ELK stack to version 7.16.1.

Will update once done.

Regards,
Sabil.

Hello Team,

May I know whether we have any updates on log4j 2.17.1 for the ELK stack?

Thank you.

Logstash v2.17.1 is mitigated against CVE-2021-44832 from the 28th of December. I've asked about it here: "Log4j CVE-2021-44832 (released 28th dec) - is ES vulnerable?" but thus far no conclusive answer.

I don't know about Logstash, but I do know no update containing log4j 2.17.1 has been released yet for Elasticsearch (it would be released in 7.16.3, but the latest as of writing is 7.16.2).
