What's the log4j version on R20211203- P2?
What's the log4j version on R20211203- P2 (today, 20-Dec-2021)?
Amazon OpenSearch Service has released a critical service software update, R20211203-P2, that contains an updated version of Log4j2 in all regions. We strongly recommend that customers update their OpenSearch clusters to this release as soon as possible.
- I would highly recommend you to track/monitor the following AWS security bulletin for updates on this vulnerability’s impact on AWS services :
I updated R20211203- P2. However It updated new weekness point log4j, 'CVE-2021-45105' 19/12/2021. Does R20211203- P2 resolve 'CVE-2021-45105'?
The R20211203- P2 will not protect from CVE-2021-45105. Probably this will in a next patch although the threat is a bit lower (only DDOS possibility under certain conditions).
I do not know the contents of the patch though. There is one version of log4j unaffected: 2.12.3 if they used that version the new CVE would also be covered. This version was release 2020-02-25 though and probably has other vuklnerabilities.
The only unaffected version for CVE-2021-45105 is log4j version 2.17 (and 2.12.3) which was released 18 dec 15:14. (source https://github.com/apache/logging-log4j2/tags hover over tag label)
The patch R20211203- P2 was suggested before 15 dec 07:43. (source https://stackoverflow.com/questions/70359982/were-running-elasticsearch-7-8-through-aws-opensearch-with-logging-turned-off)
AWS NoSQL Workbench log4jAccepted Answerasked 2 months ago
log4j issue with dynamodb-local - looking for release info and a date for what would be 1.17.3 with log4j 2.17asked 5 months ago
Kinesis agent using log4j -zero day vulnerable versionasked 5 months ago
Corretto 11 with Tomcat 8.5 AL2 version 4.2.9 Updates for latest log4j hotpatch 1.1-12asked 5 months ago
Elasticsearch Domains not updated after confirmed update process - no info - update now disabledasked 5 months ago
What's the log4j version on R20211203- P2?asked 5 months ago
EMR with Log4j 2.17.1Accepted Answerasked 5 months ago
AWS security notification: EC2 instances vulnerable to log4j vulnerabilityasked 5 months ago
Glue job error : run ID: jr_f96799827354866ac2e798fb8b40d5781284e5ed5b3a4ffasked a year ago
R20210426-P2 software update - does that upgrade ElascticSearch version?Accepted Answerasked a year ago