https://community.dynatrace.com/t5/Synthetic-Monitoring/Updation-of-Log4J-jar-file-in-Elasticsearch/m-p/177923#M1136 <P>Hi&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/42593">@osadmin</a>&nbsp;yes that update is available.</P><P>&nbsp;</P><H4>Updated** versions that mitigate CVE-2021-44228, CVE-2021-45046</H4><UL class=""><LI>All versions &gt;= 1.230.138</LI><LI>1.230.138.20211216-204858</LI><LI>1.228.134.20211216-191401</LI><LI>1.226.130.20211216-191357</LI><LI>1.224.101.20211216-191354</LI></UL><P>Please take a look at the official security alert article related to the log4j vulnerabilities, here:</P><P>&nbsp;</P><P><A href="https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/" target="_blank" rel="noopener">https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/</A></P><P>&nbsp;</P><P>I believe it will answer all your questions, as it lists all the detected vulnerabilities and Dynatrace's response to each, including the updated versions of all affected components.</P> Wed, 22 Dec 2021 08:36:41 GMT andre_vdveen 2021-12-22T08:36:41Z https://community.dynatrace.com/t5/Synthetic-Monitoring/Updation-of-Log4J-jar-file-in-Elasticsearch/m-p/177920#M1135 <P>Has the following update been made available, if no when to expect?</P> <P>&nbsp;</P> <P>Please note that the Dynatrace Managed versions listed below still include the vulnerable Log4j library file (/opt/dynatrace-managed/elasticsearch/lib/log4j-core-2.11.1.jar) due to the usage of Elasticsearch. Dynatrace has applied the recommended mitigation measures of removing the&nbsp;org/apache/logging/log4j/core/lookup/JndiLookup.class<SPAN>&nbsp;</SPAN>from the Log4j library. This fully mitigates CVE-2021-44228 and CVE-2021-45046.</P> <P>An upgrade of Elasticsearch which uses an updated Log4j library is planned.</P> Mon, 03 Jan 2022 12:09:14 GMT https://community.dynatrace.com/t5/Synthetic-Monitoring/Updation-of-Log4J-jar-file-in-Elasticsearch/m-p/177920#M1135 osadmin 2022-01-03T12:09:14Z https://community.dynatrace.com/t5/Synthetic-Monitoring/Updation-of-Log4J-jar-file-in-Elasticsearch/m-p/177923#M1136 <P>Hi&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/42593">@osadmin</a>&nbsp;yes that update is available.</P><P>&nbsp;</P><H4>Updated** versions that mitigate CVE-2021-44228, CVE-2021-45046</H4><UL class=""><LI>All versions &gt;= 1.230.138</LI><LI>1.230.138.20211216-204858</LI><LI>1.228.134.20211216-191401</LI><LI>1.226.130.20211216-191357</LI><LI>1.224.101.20211216-191354</LI></UL><P>Please take a look at the official security alert article related to the log4j vulnerabilities, here:</P><P>&nbsp;</P><P><A href="https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/" target="_blank" rel="noopener">https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/</A></P><P>&nbsp;</P><P>I believe it will answer all your questions, as it lists all the detected vulnerabilities and Dynatrace's response to each, including the updated versions of all affected components.</P> Wed, 22 Dec 2021 08:36:41 GMT https://community.dynatrace.com/t5/Synthetic-Monitoring/Updation-of-Log4J-jar-file-in-Elasticsearch/m-p/177923#M1136 andre_vdveen 2021-12-22T08:36:41Z