Logstash 6.8.21 Release Notes

edit

Logstash 6.8.21 Release Notes

edit

Security update

edit

Logstash response to Apache Log4j2 vulnerability

edit

A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j2 utility was disclosed publicly through the project’s GitHub on December 9, 2021. The vulnerability impacts Apache Log4j2 versions 2.0 to 2.14.1.

In Logstash, we responded by bumping the log4j version to 2.15.0 in #13500 to bypass the vulnerability.

Update to Logstash version 6.8.21 or 7.16.1 to get this fix.

See our related security announcement for additional information.

Performance improvements and notable issues fixed

edit
  • Use correct headers api for redirects in plugin manager http client #13411

Updates to dependencies

  • Update log4j dependencies #13500