Please
Is it safe to mitigate vulnerability log4j by using
zip -q -d Log4j-core-*.jar org/apache/logging/Log4j/core/lookup/JndiLookup.class
for opendistro version prior to 13.2
i have no possibility to change version of Java for the host i am using
What to do help me?
Follow up question for this thread, does the JndiLookup.class mitigation also cover CVE-2021-45105? Or are there any additional mitigation steps for OpenSearch regarding that CVE?