Hi all, I just became aware of this security issue that I think applies to OpenSearch since version 1.0.0 [image] Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package |... Given how ubiquitous log4j is, the impact of this vulnerability is quite severe. Learn how t…

Log4j2 vulnerability in OpenSearch

dswitzer2 December 10, 2021, 8:15pm 3

Is it safe to use the log4j2.formatMsgNoLookups=true JVM option with Elasticsearch? I would assume so, but wanted to ask before making any changes.

Topic		Replies	Views
OpenSearch 1.2.2 version still showing log4j Vulnerability findings Security cve , security-issue	13	1089	January 10, 2022
Does CVE-2021-44228 impact OpenSearch General Feedback cve	9	1672	December 20, 2021
Log4j Patch for CVE-2021-44228 Announcements cve	6	13426	February 15, 2023
Log4j issue - CVE-2021-44832 Security discuss , cve , security-issue	16	1405	February 10, 2022
Log4j Patch for CVE-2021-45046 Announcements releases , cve	3	956	February 15, 2023