Regarding log4j with Elasticsearch 2.x which uses log4j 1.2

Hi All, I am looking for an impact analysis of Elasticsearch 2.4.1 with the newly detected vulnerabilities. As per the update from Elastic, there is no impact on Elasticsearch 2 and below with CVE-2021-44228. But based on CVE-2019-17571, the impact will be there on Elasticsearch 2 and below, as 17571 affects log4j1.2-1.2.7, which is used in Elasticsearch 2.x. If anyone from the community is still on Elasticsearch 2.x, can you please let me know if there is any kind of update on this particular issue? With the latest 44228, the criticality of 17571 has been increased to high risk. I am looking for a version in 2.x which doesn't have log4j 1.2-1.2.7. Thanks

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.