IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Logstash 6.8.21 Release Notes
editLogstash 6.8.21 Release Notes
editSecurity update
editLogstash response to Apache Log4j2 vulnerability
editA high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j2 utility was disclosed publicly through the project’s GitHub on December 9, 2021. The vulnerability impacts Apache Log4j2 versions 2.0 to 2.14.1.
In Logstash, we responded by bumping the log4j version to 2.15.0 in #13500 to bypass the vulnerability.
Update to Logstash version 6.8.21 or 7.16.1 to get this fix.
See our related security announcement for additional information.