Package
logstash-9.0-iamguarded-compat
Component
log4j-core
Latest update
Fixed version
9.0.8-r20
Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.
Start for freeStatus
Fixed version
9.0.8-r20Status
Impact
To mitigate CVE-2025-68161, log4j must be bumped from 2.17.2 to 2.25.3. This includes navigating a few small breaking changes in log4j. Upstream is currently working on a patch to complete this migration here, but the patch is incomplete and has failing tests.
Status
Status