We are using Elasticsearch 7.16.3 and Elasticsearch 7.15.1.
Can you let us know which java version both the Elasticsearch versions are using?
Please let us know, whether ES is affected any way by the reported spring shell vulnerability.
Please suggest, whether we need to take any steps from our end for mitigating the same
I checked the java version we are using for ES 7.16.3 is Java 17. Also, we use Elasticsearch-rest-client, Elasticsearch-rest-high-level-client and spring data too. Will these affected by the Spring4Shell ::Spring Framework Remote Code Execution Vulnerability?
Elasticsearch does not use Spring. So it can't be affected by it.
If you are using Spring, then, that's another story but this is something you should check on the Spring forums IMO.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.