log4j 2.12.1 in ELK 7.6.1

[peterellisjones]

Hi folks, this project uses ELK 7.6.1 which is vulnerable to the recent "log4shell" exploit by virtue of including log4j < 2.15.0. Elastic have stated that the vulnerability can be mitigated by upgrading to ELK 7.8+ (https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476). Are there any plans to update the release?

[KshitijaR16]

Hi Team, Actually any plan to upgrade this release for log4j2 vulnerability. We are having customer waiting for ELK deployment

[julweber]

+1

[SergeyMuha]

is the any plans to update ELK stack to 7.16.x ? @axelaris