The install instructions at Debian installation - Installing Graylog tell the user to install elasticsearch-oss but elastic has gone close source. elasticsearch-oss is version 7.10 of elasticsearch which is vulnerable to log4j trouble. (Not RCE but info leakage including environment variables)
Thing is, because the elasticsearch-oss is now gone (replaced by opensearch which graylog is still working on getting support for) it doesn’t get a safe 7.16+ version, it installs 7.10 still. To get 7.16 one must install “elasticsearch” instead of “elasticsearch-oss” at the apt install stage.
So… it has now become rather urgent that:
- graylog support opensearch
- the above instructions tell people to install the non-oss version of elasticsearch, for now, until 1.