Urgent - Incomplete fix for Apache Log4j vulnerability v2.15.0

Looks like there is another issue and another fix

And the release of Logstash 7.16.1 (Release Notes | Logstash Reference [7.16] | Elastic) has the incomplete fix.

When can this be addressed?


Per the official Security Announcement thread:


Hi, I am currently using Elasticsearch and Logstash oss version 7.8.0.

The log4j-core and log4j-api version in Elasticsearch is 2.11.1 and in Logstash it is 2.12.1.

Can I upgrade the log4j jar files (v.2.17.0) in my existing Elasticsearch and Logstash (7.8.0) to solve this vulnerability without impacting the functioning of ELK?

Or is it necessary to upgrade to ELK v7.16.2 to solve it?
