Security

Summary
We are aware of the Apache Log4j 2 vulnerability, referred to as "Log4Shell".
Seascape Flex uses Elasticsearch OSS version 7.16.3 (or newer), which is NOT affected by the Apache Log4j vulnerability (CVE-2021-44228 and CVE-2021-45046).
More information
A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility was disclosed publicly via the project’s GitHub on December 9, 2021. The vulnerability impacts Apache Log4j 2 versions 2.0 to 2.14.1.
Elasticsearch, Logstash 7.16.3 and 6.8.23 are released, which upgrade log4j to 2.17.1. By default, Elasticsearch and Logstash have no known vulnerabilities to CVE-2021-44832.
​Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31​

Enabling HTTPS on Seascape Flex server

Adding new databases to Flex

Last modified 1yr ago