sniper756 (Member), Dec 13, 2021, #1
My current ES is 2.4.6. I want to know whether my website will be affected by log4j vulnerability. thx

Chris D (XenForo developer, Staff member), Dec 13, 2021, #2
Yes. To an extent. Elasticsearch inherently has some protection due to using Java Security Manager. We recommend upgrading to Elasticsearch 6.4 or above and applying the hot fix we posted in the Announcements forum.

Kirby (Well-known member), Dec 13, 2021, #3
Chris D said: Yes. To an extent. Elasticsearch inherently has some protection due to using Java Security Manager.
Hmm, as far as I've understood https://discuss.elastic.co/t/apache...lnerability-cve-2021-44228-esa-2021-31/291476 this might only be the case for ES 6/7 - not necessarily for ES 5 (or even older versions)?
"Elasticsearch versions 5.0.0+ contain a vulnerable version of Log4j. We've confirmed that the Security Manager mitigates the remote code execution attack in Elasticsearch 6 and 7; investigation is still underway for Elasticsearch 5."

Chris D (XenForo developer, Staff member), Dec 13, 2021, #4 (Solution)
sniper756 said: My current es is 2.4 6. I want to know whether my website will be affected by log4j vulnerability. thx
My apologies. 2.4.6 does not include a vulnerable version of Log4j so you should be fine.

Nirjonadda (Well-known member), Dec 13, 2021, #5
Updated to Elasticsearch Version: 7.16.1 and Release date: December 13, 2021
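
Added example, not part of any post in this thread and not XenForo or Elastic code: the answers above depend on which Log4j jar an Elasticsearch install ships, so this sketch inventories the `log4j-core` jars under an install directory and checks each for the `JndiLookup` class. The function names, status strings and the sample jars are assumptions constructed for the demo; the 2.15 cutoff follows the affected range Apache published for CVE-2021-44228 (log4j-core 2.0-beta9 through 2.14.1).

```python
import re
import tempfile
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # JNDI lookup class
JAR_NAME = re.compile(r"^log4j-core-(\d+)\.(\d+)")

def scan(es_home):
    """Map each log4j-core jar below es_home to a status string (hypothetical labels)."""
    results = {}
    for jar in sorted(Path(es_home).rglob("log4j-core-*.jar")):
        m = JAR_NAME.match(jar.name)
        try:
            with zipfile.ZipFile(jar) as zf:
                has_lookup = JNDI_CLASS in zf.namelist()
        except zipfile.BadZipFile:
            results[jar.name] = "unreadable"
            continue
        if m is None:
            results[jar.name] = "unknown-version"
        elif (int(m.group(1)), int(m.group(2))) >= (2, 15):  # past 2.14.1
            results[jar.name] = "outside-range"
        elif has_lookup:
            results[jar.name] = "in-range"
        else:
            results[jar.name] = "in-range-class-removed"
    return results

def build_sample(root):
    """Constructed lib/ directory; jar names and contents are made up for the demo."""
    lib = Path(root) / "lib"
    lib.mkdir(parents=True)
    layout = {
        "log4j-1.2.17.jar": ["org/apache/log4j/Logger.class"],  # Log4j 1.x, not log4j-core
        "log4j-core-2.9.1.jar": [JNDI_CLASS],
        "log4j-core-2.11.1.jar": ["org/apache/logging/log4j/core/Logger.class"],
        "log4j-core-2.17.1.jar": [JNDI_CLASS],
    }
    for name, members in layout.items():
        with zipfile.ZipFile(lib / name, "w") as zf:
            for member in members:
                zf.writestr(member, b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for jar, status in scan(tmp).items():
            print(f"{status:24} {jar}")
```

An empty result means no `log4j-core` jar was found under that directory; it says nothing about other Java software on the same host.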