Security
Seascape Flex uses Elasticsearch OSS version 7.16.3 (or newer), which is NOT affected by the Apache Log4j vulnerability (CVE-2021-44228 and CVE-2021-45046).
A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility was disclosed publicly via the project’s GitHub on December 9, 2021. The vulnerability impacts Apache Log4j 2 versions 2.0 to 2.14.1.
Elasticsearch, Logstash 7.16.3 and 6.8.23 are released, which upgrade log4j to 2.17.1. By default, Elasticsearch and Logstash have no known vulnerabilities to CVE-2021-44832.
Last modified 1yr ago