Hello Team, I am using logstash 7.5.1 and having log4j jar as 2.11.1. Now as per doc https://discuss.elastic.co/ it is mentioned to remove JNDI class if we don't want to upgrade logstash. Is it possible if I can upgrade log4j jar to 2.15.0 in my current logstash version to mitigate this vulnerabili…

No, you can't just replace the jar with a newer version. Please read the security announcement about the Log4J exploit, there you will find how to mitigate the issue according to your Logstash/Elasticsearch version. If what you want to do is not mentioned there, then it is not recommended or teste…

Discuss the Elastic Stack

Replace Log4j from 2.11.0 to 2.15.0

Elastic Stack Logstash

d71247 (firas) December 15, 2021, 4:24pm 3

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.