Status
Impact
Logstash bundles an upstream version of jruby which embeds a version of rexml at /usr/share/logstash/vendor/jruby/lib/ruby/gems/shared/specifications. Upstream jruby should update the rexml version that fix this vulnerability as it updates its default gems on some next release.