Hello,
We are using Elasticsearch 6.3.2 & 6.8.23
Please let us know, whether ES is using spring boot war and whether Elasticsearch is impacted any way by the reported spring shell vulnerability.
Please suggest, whether we need to take any steps from our end for mitigating the same
dadoonet
(David Pilato)
March 31, 2022, 5:24pm
2
ES does not use Spring Boot.
We are using Elasticsearch 6.3.2
You should really upgrade this version.
1 Like
system
(system)
March 31, 2022, 5:24pm
3
Elasticsearch 6.3 is EOL and no longer supported. Please upgrade ASAP.
(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns )
Will there be any official statement from Elastic concerning Spring4Shell or is it not needed because ES doesn't use spring at all?
4 Likes
system
(system)
Closed
April 29, 2022, 8:26am
6
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
warkolm
(Mark Walkom)
May 3, 2022, 11:55pm
7
Please consider the marked solution as the official stance on this.