A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j2 utility was disclosed publicly through the project’s GitHub on December 9, 2021. The vulnerability impacts Apache Log4j2 versions 2.0 to 2.14.1.
In Logstash, we responded by upgrading Log4j to version 2.15.0 in #13496 to address the vulnerability.
Update to Logstash version 6.8.21 or 7.16.1 to get this fix.
See our related security announcement for additional information.
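An added example, not part of the Logstash release notes or code: a POSIX shell check that lists the log4j-core jars under an installation directory and flags those in the 2.0 to 2.14.1 range named above. The function names and the path argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Logstash code): flag log4j-core jars in the version
# range this page lists as affected by CVE-2021-44228 (2.0 to 2.14.1).

# Return 0 if version $1 is in the affected range, 1 otherwise.
log4j_version_affected() {
  lv=${1%%-*}                       # drop suffixes such as "-beta9", "-tests"
  case $lv in
    ''|*[!0-9.]*) return 1 ;;       # not a dotted numeric version: no match
  esac
  lv_ifs=$IFS; IFS=.
  set -- $lv                        # split on dots into $1 $2 $3
  IFS=$lv_ifs
  lv_major=${1:-0}; lv_minor=${2:-0}; lv_patch=${3:-0}
  [ "$lv_major" -eq 2 ] || return 1
  if [ "$lv_minor" -lt 14 ]; then return 0; fi
  if [ "$lv_minor" -eq 14 ] && [ "$lv_patch" -le 1 ]; then return 0; fi
  return 1
}

# Print "AFFECTED <version> <path>" or "ok <version> <path>" for every
# log4j-core jar under directory $1. Returns 1 if any jar is affected.
# Only jars on disk are seen; copies nested inside other archives are not.
scan_log4j_core() {
  scan_out=$(find "$1" -type f -name 'log4j-core-*.jar' 2>/dev/null |
    while IFS= read -r jar; do
      ver=$(basename "$jar" .jar)
      ver=${ver#log4j-core-}
      if log4j_version_affected "$ver"; then
        echo "AFFECTED $ver $jar"
      else
        echo "ok $ver $jar"
      fi
    done)
  [ -z "$scan_out" ] || printf '%s\n' "$scan_out"
  if printf '%s\n' "$scan_out" | grep -q '^AFFECTED '; then return 1; fi
  return 0
}

# Usage: sh check_log4j.sh /path/to/logstash   (path is an assumption)
if [ "$#" -gt 0 ]; then scan_log4j_core "$1"; fi
```

Run it before and after the update; a clean result is exit status 0 with only "ok" lines.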
Release 7.16.1 includes filter versions that will not run on JDK 8. This issue is fixed in the latest versions:
You can update these plugins as usual:
bin/logstash-plugin update logstash-filter-date
bin/logstash-plugin update logstash-filter-geoip
LS_JAVA_HOME environment variables to run Logstash with the bundled JDK (currently JDK 11).
This approach is recommended and can help you avoid version incompatibilities.
Fixed an issue that would prevent Logstash from starting if a deprecated setting, such as http.enabled, was configured. #13484
Updates to dependencies
- Updated Log4j to 2.15.0 #13496
Avro Codec - 3.3.1
- Pin avro gem to 1.10.x, as 1.11+ requires ruby 2.6+ #37
Date Filter - 3.1.11
- Update Log4j dependencies to 2.15.0 #142
- Internal: upgrade packaging tooling to Gradle 7 so that plugin can be packaged on modern Java releases #140
- Internal: refined spec and unit test assertions to account for changes in how timestamps are serialised in Logstash 8. #141
- Build against JRuby 9k #116
Dissect Filter - 1.2.2
Geoip Filter - 7.2.6
Grok Filter - 4.4.1
- Added preview of ECS v8 support using existing ECS v1 implementation #175
Mutate Filter - 3.5.6
Syslog_pri Filter - 3.1.1
- Added preview of ECS-v8 support with existing ECS-v1 implementation #10
Useragent Filter - 3.3.2
Xml Filter - 4.1.3
Azure_event_hubs Input - 1.4.1
Beats Input - 6.2.3
Dead_letter_queue Input - 1.1.6
- Update dependencies for log4j and jackson #30
Http Input - 3.4.3
Tcp Input - 6.2.3
Jdbc Integration - 5.1.8
Kafka Integration - 10.8.2
Validator_support Mixin - 1.0.2
Fix: '' value behavior in
Introduce plugin parameter validation adapters, including initial backport for
Elasticsearch Output - 11.2.3
Downgrade ECS templates, pinning to v1.10.0 of upstream; fixes an issue where ECS templates cannot be installed in Elasticsearch 6.x or 7.1-7.2, since the generated templates include fields of type: flattened that was introduced in Elasticsearch 7.3
Update ECS templates from upstream; ecs_compatibility => v1 now resolves to templates for ECS v1.12.1 #1027
Sns Output - 4.0.8
- Feat: handle host object as subject (due to ECS) #22