I am using Search guard community edition version - Security team has flagged the log4j in the search guard

If you think it is a bug report or you have a technical issue, please answer the following questions. For general questions, you can delete these questions.

Elasticsearch version: 7.17.3

Server OS version: Windows 2019

Kibana version (if relevant): 7.17.3

Browser version (if relevant):

Browser OS version (if relevant):

Describe the issue: I am using SG Community edition and have ELK 7.17.3 Cluster. The Security team has flagged the log4j in search guard… is there any fix for it

Steps to reproduce:
1.
2.
3.

Expected behavior:

Provide configuration:
elasticsearch/config/elasticsearch.yml
elasticsearch/plugins/search-guard-7/sgconfig/sg_config.yml
kibana/config/kibana.yml (if relevant)

Provide logs:
Elasticsearch
Kibana (if relevant)

Screenshots (if relevant):

Errors in browser console (if relevant):

Additional data:

@amalk12 What are the exact versions of your ElasticSearch and Kibana Search Guard plugins?

SG Version is 53.1.0 . The log4j has been found currently in the SG TLS Tool

We just released a new version of the tlstool with new versions of log4j. See here:

https://maven.search-guard.com/search-guard-tlstool/com/floragunn/search-guard-tlstool/1.9.1/

Note: As the tlstool only runs on trusted data, the log4j vulnerabilities are not really applicable to the tlstool.

thanks for your reply

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.