Debian installation instructions need updated for elasticsearch log4j mitigation

rubinlinux · December 19, 2021, 7:48am

The install instructions at Debian installation - Installing Graylog tell the user to install elasticsearch-oss but elastic has gone close source. elasticsearch-oss is version 7.10 of elasticsearch which is vulnerable to log4j trouble. (Not RCE but info leakage including environment variables)

Thing is, because the elasticsearch-oss is now gone (replaced by opensearch which graylog is still working on getting support for) it doesn’t get a safe 7.16+ version, it installs 7.10 still. To get 7.16 one must install “elasticsearch” instead of “elasticsearch-oss” at the apt install stage.

So… it has now become rather urgent that:

graylog support opensearch
the above instructions tell people to install the non-oss version of elasticsearch, for now, until 1.

Thanks

dulanism · January 3, 2022, 5:26am

Hi @rubinlinux. We published a blog and a doc to guide you through the steps to patch your Graylog instance(s) again Log4Shell. See the respective articles: Graylog Update for Log4j | Graylog & Upgrade Graylog Against Log4Shell - Upgrade Graylog Against Log4Shell

Topic		Replies	Views
Downgrade Elasticsearch to support Graylog version Graylog Central (peer support) elastic	8	1149	August 5, 2022
Elasticsearch Upgrade Graylog Central (peer support)	6	1340	August 4, 2021
Question about migrating to 4.3.0 Graylog Central (peer support)	6	560	June 21, 2022
Ubuntu Installation Docs Suggestion (elasticsearch) Graylog Central (peer support)	2	798	May 19, 2019
Elasticsearch oss 7.10.2 EOL Graylog Central (peer support) elastic	2	1394	September 14, 2022

Debian installation instructions need updated for elasticsearch log4j mitigation

Related topics