Our oldest products includes Elastic stack versions 5.2, 6.2.2 and 7.10.2. We're in situation that we can not perform elastic versions uplift to the latest/fixed versions. Can we replace Log4j 2.x versions with 2.17.x or later for Elasticsearch and logstash in the version - 5.2, 6.2.2 and 7.10.2. P…

Replace Log4j from 2.x to 2.17.0 or later

leandrojmp (Leandro Pereira) December 24, 2021, 2:17pm 2

No, you can't just replace de library for a newer version.

All the recommendations regarding the Log4shell exploit are in the pinned security announcement, there you will find instructions to mitigate this in different versions.

2 Likes

Topic		Replies	Views
Fix log4j ：upgrade ES version OR replace log4j.jar to 2.17.2 Elasticsearch	6	1873	May 19, 2022
Elasticsearch log4j 2.17.0 replace Elasticsearch	3	677	January 19, 2022
Replace Log4j from 2.11.0 to 2.15.0 Logstash	10	3072	February 3, 2022
Elasticsearch 7.16.3 Log4j Vulnerability log4j-core-2.11.1.jar still persists Elasticsearch	2	2805	March 1, 2022
Replacing Log4J2 with Logback Elasticsearch	4	3595	January 11, 2017

Replace Log4j from 2.x to 2.17.0 or later

Related topics