I am using Search guard community edition version - Security team has flagged the log4j in the search guard

If you think it is a bug report or you have a technical issue, please answer the following questions. For general questions, you can delete these questions.

Elasticsearch version: 7.17.3

Server OS version: Windows 2019

Kibana version (if relevant): 7.17.3

Browser version (if relevant):

Browser OS version (if relevant):

Describe the issue: I am using SG Community edition and have ELK 7.17.3 Cluster. The Security team has flagged the log4j in search guard… is there any fix for it

Steps to reproduce:

Expected behavior:

Provide configuration:
kibana/config/kibana.yml (if relevant)

Provide logs:
Kibana (if relevant)

Screenshots (if relevant):

Errors in browser console (if relevant):

Additional data:

@amalk12 What are the exact versions of your ElasticSearch and Kibana Search Guard plugins?

SG Version is 53.1.0 . The log4j has been found currently in the SG TLS Tool

We just released a new version of the tlstool with new versions of log4j. See here:


Note: As the tlstool only runs on trusted data, the log4j vulnerabilities are not really applicable to the tlstool.

thanks for your reply