Hi, the latest versions of Logstash OSS with OpenSearch Output Plugin available seems to be old versions. Is it possible to get these updated to 7.16.1 to fix the Log4j issue? Thanks! Project Artifacts OpenSearch is a community-driven, Apache 2.0-licensed open source search and analy…

Hello @jong - per the updates to our blog post " In addition, we are releasing a version of the Logstash OSS with OpenSearch Output Plugin bundle which resolves both CVE-2021-44228 and CVE-2021-45046. " Important: Update to OpenSearch 1.2.1 OpenSearch is a community-driven, Apache 2.0-…

Thanks for the reply, but I’m struggling to understand what the situation is here. The blog post seems to suggest it had been fixed already but there is no release. Is one coming soon? Do I just need a bit more patience? Thanks

It’s a work in progress - that section of the blog post was from yesterday afternoon (Update Dec 14, 2021).

Thanks for clarifying. That part of the blog post seemed a bit ambiguous. Good to know it is coming.

@kris , I am looking for an updated image at Docker Hub as well Is there an estimate on when this will be available. I was looking to apply the manual mitigation of removing the class using zip command, but I get a zip: command not found while attempting it

created local image using this Dockerfile FROM opensearchproject/logstash-oss-with-opensearch-output-plugin:7.13.4 USER root RUN yum install -y zip RUN zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.14.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class Should be fin…

Updated Logstash OSS with OpenSearch Output Plugin now available as well [image] Log4j Patch for CVE-2021-45046 Announcements Update 2021-12-22: OpenSearch 1.2.3 is now available - please see Log4j Patch for CVE-2021-45105 2021-12-20: OpenSearch 1.2.3 is in progress whic…

Logstash OSS with OpenSearch Output Plugin Log4j vulnerable

OpenDistro

kris December 16, 2021, 11:37pm 9

Updated Logstash OSS with OpenSearch Output Plugin now available as well

Topic		Replies	Views
Log4j2 vulnerability in OpenSearch Security discuss , cve , security-issue	72	10526	January 30, 2022
OpenSearch 1.2.2 version still showing log4j Vulnerability findings Security cve , security-issue	13	1182	January 10, 2022
Log4j Patch for CVE-2021-44228 Announcements cve	3	13529	December 16, 2021
Does CVE-2021-44228 impact OpenSearch General Feedback cve	9	1725	December 20, 2021
Log4j Patch for CVE-2021-45046 Announcements releases , cve	0	975	December 16, 2021

Logstash OSS with OpenSearch Output Plugin Log4j vulnerable

Related topics