Bump elasticsearch to avoid log4j vulnerability #1040
Labels
security
Pull requests that address a security vulnerability
transformer/Elasticsearch
Related to filter transformer for Elasticsearch
Elastic search seems to use log4j internally. (I found it with the tool log4j-sniffer )
I am not sure how bad this is for us, as the users do not interface directly with elastic search.
With version 7.16.2 this has been fixed.
So I suggest we update the dependency version for elastic search to 7.16.2 just in case.
I also think we currently still require a version below version 7 which blocks users from upgrading to the patched version of elastic search.
The text was updated successfully, but these errors were encountered: