Showing results for 
Show  only  | Search instead for 
Did you mean: 

Updation of Log4J jar file in Elasticsearch


Has the following update been made available, if no when to expect?


Please note that the Dynatrace Managed versions listed below still include the vulnerable Log4j library file (/opt/dynatrace-managed/elasticsearch/lib/log4j-core-2.11.1.jar) due to the usage of Elasticsearch. Dynatrace has applied the recommended mitigation measures of removing the org/apache/logging/log4j/core/lookup/JndiLookup.class from the Log4j library. This fully mitigates CVE-2021-44228 and CVE-2021-45046.

An upgrade of Elasticsearch which uses an updated Log4j library is planned.


DynaMight Champion
DynaMight Champion

Hi @osadmin yes that update is available.


Updated** versions that mitigate CVE-2021-44228, CVE-2021-45046

  • All versions >= 1.230.138

Please take a look at the official security alert article related to the log4j vulnerabilities, here:


I believe it will answer all your questions, as it lists all the detected vulnerabilities and Dynatrace's response to each, including the updated versions of all affected components.

Featured Posts