logsearch-boshrelease icon indicating copy to clipboard operation
logsearch-boshrelease copied to clipboard

Published 20 hours ago verified publisher icon cloudfoundry-community

log4j 2.12.1 in ELK 7.6.1

Open peterellisjones opened this issue 3 years ago • 3 comments

Hi folks, this project uses ELK 7.6.1 which is vulnerable to the recent "log4shell" exploit by virtue of including log4j < 2.15.0. Elastic have stated that the vulnerability can be mitigated by upgrading to ELK 7.8+ (https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476). Are there any plans to update the release?

peterellisjones avatar Dec 17 '21 07:12 peterellisjones

Hi Team, Actually any plan to upgrade this release for log4j2 vulnerability. We are having customer waiting for ELK deployment

KshitijaR16 avatar Dec 17 '21 11:12 KshitijaR16

+1

julweber avatar Dec 20 '21 14:12 julweber

is the any plans to update ELK stack to 7.16.x ? @axelaris

SergeyMuha avatar Jan 19 '22 21:01 SergeyMuha