Regarding log4j vulnerability

Hello Team,

I am running ELK version 7.13 in my environment using Docker Compose, along with Filebeat 7.14, and have enabled the X-Pack security option.

I have restarted all three containers using Docker Compose, and it completed successfully.

I just wanted to know whether I need to do anything to remediate the log4j vulnerability for my ELK stack.

Kindly suggest.

Thank you.
Sabil.

For a proper fix, you need to update

  • Disable JNDI lookups via the log4j2.formatMsgNoLookups system property #81622
  • Patch log4j jar to remove the JndiLookup class from the classpath #81629
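
One way to check whether the second mitigation listed above (removing the JndiLookup class from the log4j jar) is in effect on an install. This is an added example, not code from Elastic or from this thread; the function names are hypothetical, and it assumes the jar keeps the usual `log4j-core-<version>.jar` file name.

```python
import re
import sys
import zipfile
from pathlib import Path

# Path of the class inside log4j-core that the jar patch removes.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumption: the jar is named log4j-core-<version>.jar.
CORE_JAR = re.compile(r"log4j-core-(\d+(?:\.\d+)*)\.jar$")


def audit_jar(jar_path):
    """Return (version_from_filename, jndi_lookup_present) for one jar."""
    match = CORE_JAR.search(Path(jar_path).name)
    version = match.group(1) if match else "unknown"
    with zipfile.ZipFile(jar_path) as jar:
        present = JNDI_LOOKUP in jar.namelist()
    return version, present


def audit_tree(root):
    """Audit every log4j-core jar under root; unreadable jars are reported."""
    findings = []
    for jar_path in sorted(Path(root).rglob("log4j-core-*.jar")):
        try:
            version, present = audit_jar(jar_path)
            status = "JndiLookup present" if present else "JndiLookup removed"
        except (zipfile.BadZipFile, OSError) as exc:
            version, status = "unknown", f"unreadable: {exc}"
        findings.append((str(jar_path), version, status))
    return findings


if __name__ == "__main__":
    # Usage: python audit_log4j.py <install-dir>  (run where the jars are visible)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    results = audit_tree(root)
    for path, version, status in results:
        print(f"{status:20} log4j-core {version:10} {path}")
    # Non-zero exit if any jar still ships the class or could not be read.
    sys.exit(1 if any(s != "JndiLookup removed" for _, _, s in results) else 0)
```

Jars nested inside other archives are not opened, so run it against the unpacked install directory of each container.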

Hello @FALEN,

Thank you for your reply. Let me update my ELK stack to version 7.16.1.

Will update once done.

Regards,
Sabil.

Hello Team,

May I know whether there are any updates on log4j 2.17.1 for the ELK stack?

Thank you.

Logstash v2.17.1 is mitigated against CVE-2021-44832 from the 28th of December. I've asked about it here: "Log4j CVE-2021-44832 (released 28th dec) - is ES vulnerable?", but thus far there is no conclusive answer.

I don't know about Logstash, but I do know no update containing log4j 2.17.1 has been released yet for Elasticsearch (it would be released in 7.16.3, but the latest as of writing is 7.16.2).