Log4j Patch for CVE-2021-45046

kris · December 16, 2021, 7:39pm

Update 2021-12-22: OpenSearch 1.2.3 is now available - please see Log4j Patch for CVE-2021-45105

2021-12-20: OpenSearch 1.2.3 is in progress which addresses CVE-2021-45105.

As previously tracked in Log4j Patch for CVE-2021-44228 - CVE-2021-45046 was issued shortly following the release of OpenSearch 1.2.1. This new CVE advises upgrading from Log4j 2.15.0 (used in OpenSearch 1.2.1) to Log4j 2.16.0.

~~All users should upgrade their OpenSearch clusters to this new version OpenSearch 1.2.2~~

Topic		Replies	Views
Log4j Patch for CVE-2021-45105 Announcements releases , cve	3	886	February 9, 2023
Log4j Patch for CVE-2021-44228 Announcements cve	6	13424	February 15, 2023
OpenSearch 1.2.2 version still showing log4j Vulnerability findings Security cve , security-issue	13	1089	January 10, 2022
Does CVE-2021-44228 impact OpenSearch General Feedback cve	9	1669	December 20, 2021
Log4j2 vulnerability in OpenSearch Security discuss , cve , security-issue	72	10089	January 30, 2022