Debian installation instructions need to be updated for Elasticsearch log4j mitigation

The install instructions at "Debian installation - Installing Graylog" tell the user to install elasticsearch-oss, but Elastic has gone closed source. elasticsearch-oss is version 7.10 of Elasticsearch, which is vulnerable to log4j trouble. (Not RCE, but info leakage including environment variables.)

Thing is, because elasticsearch-oss is now gone (replaced by OpenSearch, which Graylog is still working on getting support for), it doesn't get a safe 7.16+ version; it installs 7.10 still. To get 7.16 one must install "elasticsearch" instead of "elasticsearch-oss" at the apt install stage.

So… it has now become rather urgent that:

  1. Graylog support OpenSearch
  2. the above instructions tell people to install the non-oss version of Elasticsearch, for now, until 1.


Hi @rubinlinux. We published a blog and a doc to guide you through the steps to patch your Graylog instance(s) against Log4Shell. See the respective articles: "Graylog Update for Log4j | Graylog" and "Upgrade Graylog Against Log4Shell".