1. Describe your incident:
Because of the log4j Problem could you release older verisons of graylog with the fixed log4j patched?
log4j is a big problem and to be foreced to update is a nighmare on its own. i know getting support for older veriosns is not possible but could you help to reduce the work all ops/dev/IT personal has to tackle it by releasing minor veriosn updates of the affected graylog packages.
Hi Geosone
I’m sure you saw on the blog post that listed the versions of Graylogs that have been released with the fix. These are:
3.3.14-2
4.0.13-2
4.1.8-2
4.2.2-2
To be honest, the key tennant of keeping modern software secure is to keep it as up to date as possible. If you are using a Graylog version older than 3.3.14-2, you are seriously out of date and likely have a number of security vulnerabilities that have since been patched out. I realise its not what you want to hear, but you should look to upgrade Graylog - preferably to 4.2.2.
If you are worried about the upgrade process, perhaps if you outline your concerns we can help with that?