Comments (7)
@matprov ahh delightful, thanks for doing the additional digging
from elk-docker.
Thanks for raising this and highlighting the solution!
Have updated the repo to version 7.16.1 (ae7672d) and the images (regular and OSS) have been built — thereby fixing the issue.
from elk-docker.
@gnmerritt Unfortunately no, as per https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 :
Solutions and Mitigations:
Users should upgrade to Logstash 6.8.21 or 7.16.1 once they are released (expected Monday 13th December). These releases will replace vulnerable versions of Log4j with Log4j 2.15.0.
The widespread flag -Dlog4j2.formatMsgNoLookups=true is NOT sufficient to mitigate the vulnerability in Logstash in all cases, as Logstash uses Log4j in a way where the flag has no effect.
from elk-docker.
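The advisory quoted above names the fix as an upgrade that brings in Log4j 2.15.0, with the JVM flag not sufficient for Logstash, so the check that matters is which `log4j-core` jar is actually on disk. The following is an added example, not code from the thread or from elk-docker: it audits a directory tree (for instance an extracted image filesystem) by jar file name; the `audit` and `parse_version` helpers, the status labels and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Per the advisory quoted above, the fixed Logstash releases ship Log4j 2.15.0.
FIXED = (2, 15, 0)
JAR_RE = re.compile(r"^log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:[-.].*)?\.jar$")


def parse_version(jar_name):
    """Return (major, minor, patch) parsed from a log4j-core jar name, or None."""
    m = JAR_RE.match(jar_name)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def audit(root):
    """List (relative path, version, status) for every log4j-core jar under root.

    Only jar file names are inspected; copies bundled inside other archives
    are not found by this check.
    """
    root = Path(root)
    findings = []
    for jar in root.rglob("log4j-core-*.jar"):
        ver = parse_version(jar.name)
        if ver is None:
            status = "unparsed"
        else:
            status = "ok" if ver >= FIXED else "below-2.15.0"
        findings.append((jar.relative_to(root).as_posix(), ver, status))
    return sorted(findings)


def demo():
    """Run the audit over a constructed directory tree (empty placeholder jars)."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("old/lib/log4j-core-2.14.1.jar",
                    "new/lib/log4j-core-2.15.0.jar",
                    "new/lib/log4j-api-2.15.0.jar"):
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.touch()
        return audit(tmp)


if __name__ == "__main__":
    for rel, ver, status in demo():
        print(f"{status:13} {rel}")
```

Any row reported as `below-2.15.0` means the tree still carries a jar older than the version the advisory names, regardless of which JVM flags are set.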
I really hope that no one is actually using this image in production 😱
Anyway 😄 I haven’t kept the v6 branch up-to-date since v7 was released, so there are a few cobwebs there.
Still not planning to keep v6 up-to-date, but I do understand the urgency of updating to 6.8.22 for those still running v6, so I’ve updated the repo with the bare minimum changes to build 6.8.22, and built and published the image – with the caveat that all the new stuff in the current (v7) branch hasn’t been backported.
from elk-docker.
Per https://www.elastic.co/blog/detecting-log4j2-with-elastic-security it looks like we should be able to turn off the vulnerable code paths with this JVM flag: JAVA_OPTS=-Dlog4j2.formatMsgNoLookups=true
from elk-docker.
That's good news @spujadas.
There is also the 6.x version (Logstash 6.8.22) that would need to be updated.
People running 6.x in prod might not be willing to update to 7.x at this time ;)
from elk-docker.
Great, thanks @spujadas for taking care of this issue!
from elk-docker.