Is xenforo vulnerable to log4j?

Although I recently upgraded from 7.16.0 to 7.16.1, I'm thinking about building a new ES instance anyway. Due to all of the comments on this page:

ElasticSearch 7.16.1 and 6.8.21 completely remove the JndiLookup class which is the recommended workaround for the latest CVE.
how do I upgrade elasticsearch (current version 7.10.2) to 7.16.1? i.e., what are the commands to run in Terminal - or is there a better way to do the upgrade?
Be aware once you update Elastricsearch it took about a day for XenForo to report the new version was installed. Likely due to a daily cron update required to check versioning.
Top Bottom