github-mirrors/logstash
1
0
Fork 0
mirror of https://github.com/elastic/logstash.git synced 2025-04-24 14:47:19 -04:00
Code Issues Projects Releases Packages Wiki Activity

Doc: Add dependency fix to 7.16.1 release notes (#13516)

Browse source
This commit is contained in:
Karen Metts 2021-12-14 15:50:13 -05:00 committed by GitHub
parent 7875e243f7
commit c3b0bb4224
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

17
docs/static/releasenotes.asciidoc vendored
View file

@ -59,6 +59,23 @@ This section summarizes the changes in the following releases:
[[logstash-7-16-1]]
=== Logstash 7.16.1 Release Notes
[[security-updates-7.16.1]]
==== Security update
[[log4j2-7.16.1]]
===== Logstash response to Apache Log4j2 vulnerability
A high severity vulnerability https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228[(CVE-2021-44228)] impacting multiple versions of the Apache Log4j2 utility was disclosed publicly through the projects GitHub on December 9, 2021.
The vulnerability impacts Apache Log4j2 versions 2.0 to 2.14.1.
In Logstash, we responded by bumping the log4j version to 2.15.0 in https://github.com/elastic/logstash/pull/13496[#13496] to bypass the vulnerability.
IMPORTANT: Update to Logstash version 6.8.21 or 7.16.1 to get this fix.
See our related
https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476[security
announcement] for additional information.
[[known-issue-7-16-1]]
==== Known issue