
Updation of Log4J jar file in Elasticsearch

osadmin
Newcomer

Has the following update been made available? If not, when can it be expected?

 

Please note that the Dynatrace Managed versions listed below still include the vulnerable Log4j library file (/opt/dynatrace-managed/elasticsearch/lib/log4j-core-2.11.1.jar) due to the usage of Elasticsearch. Dynatrace has applied the recommended mitigation measures of removing the org/apache/logging/log4j/core/lookup/JndiLookup.class from the Log4j library. This fully mitigates CVE-2021-44228 and CVE-2021-45046.

An upgrade of Elasticsearch which uses an updated Log4j library is planned.

1 REPLY

andre_vdveen
DynaMight Champion

Hi @osadmin, yes, that update is available.

 

Updated** versions that mitigate CVE-2021-44228, CVE-2021-45046

  • All versions >= 1.230.138
  • 1.230.138.20211216-204858
  • 1.228.134.20211216-191401
  • 1.226.130.20211216-191357
  • 1.224.101.20211216-191354

Please take a look at the official security alert article related to the log4j vulnerabilities, here:

 

https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/

 

I believe it will answer all your questions, as it lists all the detected vulnerabilities and Dynatrace's response to each, including the updated versions of all affected components.
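
The mitigation quoted in the question (removing `org/apache/logging/log4j/core/lookup/JndiLookup.class` from the Log4j jar) can be confirmed on disk by listing the archive's entries. The following is an added example, not part of the original thread and not Dynatrace tooling; the script name `check_jndi.py`, the helper names and the sample jars are constructed for illustration, and it also descends into jars bundled inside other archives.

```python
import io
import sys
import zipfile

# Class named in the quoted advisory text; its absence is the mitigation.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")

def find_jndi_lookup(data, label, depth=0, max_depth=4):
    """Return labels of archives (including nested ones) that still hold JndiLookup.class."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a readable archive; nothing to report
    hits = []
    with zf:
        for entry in zf.namelist():
            if entry == JNDI_LOOKUP:
                hits.append(label)
            elif entry.lower().endswith(ARCHIVE_SUFFIXES) and depth < max_depth:
                hits += find_jndi_lookup(zf.read(entry), f"{label}!/{entry}", depth + 1, max_depth)
    return hits

def make_jar(entries):
    """Build an in-memory jar from {path: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in entries.items():
            zf.writestr(path, content)
    return buf.getvalue()

# Constructed samples: class bodies are dummy bytes, only the entry names matter.
OTHER = "org/apache/logging/log4j/core/lookup/Interpolator.class"
MITIGATED = make_jar({OTHER: b"x"})
UNMITIGATED = make_jar({OTHER: b"x", JNDI_LOOKUP: b"x"})
BUNDLE = make_jar({"lib/log4j-core.jar": UNMITIGATED, "lib/other.jar": MITIGATED})

if __name__ == "__main__":
    # Usage (hypothetical script name): python check_jndi.py <jar> [<jar> ...]
    status = 0
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            hits = find_jndi_lookup(fh.read(), path)
        verdict = "PRESENT in " + ", ".join(hits) if hits else "absent"
        print(f"{path}: JndiLookup.class {verdict}")
        status |= bool(hits)
    sys.exit(status)
```

The script exits non-zero if any given archive still contains the class, so it can gate a patch-verification job.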
