21 Dec 2021 10:29 PM - last edited on 03 Jan 2022 04:09 AM by MaciejNeumann
Has the following update been made available? If not, when should we expect it?
Please note that the Dynatrace Managed versions listed below still include the vulnerable Log4j library file (/opt/dynatrace-managed/elasticsearch/lib/log4j-core-2.11.1.jar) due to the usage of Elasticsearch. Dynatrace has applied the recommended mitigation measures of removing the org/apache/logging/log4j/core/lookup/JndiLookup.class from the Log4j library. This fully mitigates CVE-2021-44228 and CVE-2021-45046.
An upgrade of Elasticsearch which uses an updated Log4j library is planned.
Hi @osadmin, yes, that update is available.
Please take a look at the official security alert article related to the log4j vulnerabilities, here:
I believe it will answer all your questions, as it lists all the detected vulnerabilities and Dynatrace's response to each, including the updated versions of all affected components.
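Added example, not part of the original thread and not Dynatrace's own tooling: a Python check for the mitigation quoted in the question, confirming that org/apache/logging/log4j/core/lookup/JndiLookup.class is absent from a jar, including jars nested inside other archives. The function names, the nesting depth limit and the sample archives are assumptions made for this illustration; the samples are constructed in memory with dummy bytes.

```python
import io
import os
import zipfile

# Class named in the quoted notice; removing it from the jar is the mitigation.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear", ".zip")

def find_jndi_lookup(data, label, depth=4):
    """Return 'outer!inner' locations of JndiLookup.class inside archive bytes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a readable archive, nothing to report
    hits = []
    with zf:
        for name in zf.namelist():
            # Exact path, or the same path under a prefix such as WEB-INF/classes/
            if name == JNDI_CLASS or name.endswith("/" + JNDI_CLASS):
                hits.append(f"{label}!{name}")
            elif depth > 0 and name.lower().endswith(ARCHIVES):
                hits += find_jndi_lookup(zf.read(name), f"{label}!{name}", depth - 1)
    return hits

def scan_tree(root):
    """Scan every archive file under root on disk and return all hit locations."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVES):
                path = os.path.join(folder, fname)
                with open(path, "rb") as fh:
                    hits += find_jndi_lookup(fh.read(), path)
    return hits

def make_jar(entries):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples: class bodies are dummy bytes, not real Log4j code.
OTHER = "org/apache/logging/log4j/core/Logger.class"
MITIGATED = make_jar({OTHER: b"x"})
UNMITIGATED = make_jar({OTHER: b"x", JNDI_CLASS: b"x"})
BUNDLE = make_jar({"lib/log4j-core.jar": UNMITIGATED, "lib/other.jar": MITIGATED})

if __name__ == "__main__":
    print(find_jndi_lookup(BUNDLE, "bundle.war") or "JndiLookup.class absent")
```

An empty result from `scan_tree` on the installation directory means the class is absent from every archive it could read. The check looks only at archive contents, so a mitigated jar still carries its original file name and version.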