IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Logstash 6.8.21 Release Notesedit
Security updateedit
Logstash response to Apache Log4j2 vulnerabilityedit
A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j2 utility was disclosed publicly through the project’s GitHub on December 9, 2021. The vulnerability impacts Apache Log4j2 versions 2.0 to 2.14.1.
In Logstash, we responded by bumping the log4j version to 2.15.0 in #13500 to bypass the vulnerability.
Update to Logstash version 6.8.21 or 7.16.1 to get this fix.
See our related security announcement for additional information.