Looks like there is another issue and another fix
And the release of Logstash 7.16.1 Release Notes | Logstash Reference [7.16] | Elastic has the incomplete fix.
When can this be addressed?
Looks like there is another issue and another fix
And the release of Logstash 7.16.1 Release Notes | Logstash Reference [7.16] | Elastic has the incomplete fix.
When can this be addressed?
Per the official Security Announcement thread:
Hi, I am currently using Elasticsearch and Logstash oss version 7.8.0.
The log4j-core and lo4j-api version in Elasticsearch is 2.11.1 and in Logstash it is 2.12.1.
Can i upgrade the log4j jar files (v.2.17.0) in my existing Elasticsearch and Logstash (7.8.0) to solve this vulnerability and without impacting the functioning of ELK.
Or it is necessary to upgrade to ELK v7.16.2 to solve it.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.