This post has been updated on 21/12/2021.
Three high severity vulnerabilities, (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105), impacting multiple versions of Apache Log4j utility, were disclosed recently. We have found no evidence of any successful exploitation in Log360 as of now. However, the affected Log4j version is used in Log360 in the bundled dependency, so we strongly recommend all our customers to follow the below steps to protect Log360 from the vulnerabilities.
Note: This procedure is applicable for the vulnerabilities CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 irrespective of Log360's current build number.
1. Download/unzip the jar files from the link below:
2. Stop the Log360 service (if it is running).
3. Open command prompt in admin mode. Navigate to <Installation dir>/elasticsearch/ES/bin and run stopES.bat file.
4. Move the downloaded jar files to <Installation dir>/elasticsearch/ES/lib.
5. Delete the following files from ES/lib
log4j-1.2-api-2.9.1.jar (or) log4j-1.2-api-2.15.0.jar (or) log4j-1.2-api-2.16.0.jar
log4j-api-2.9.1.jar (or) log4j-api-2.15.0.jar (or) log4j-api-2.16.0.jar
log4j-core-2.9.1.jar (or) log4j-core-2.15.0.jar (or) log4j-core-2.16.0.jar
6. Start the Log360 service.
If SEM nodes are added, please follow the steps given below to fix the log4j vulnerabilities:
1. Log in to VM where the SEM node is present & Stop the elasticsearch service(elasticsearch-service-x64 or elasticsearch-service-x86) from the services.msc
2. Download/unzip the below jar files from this link:
3. Open the installation directory of ES node in the added SEM node and navigate to the following location.
4. Paste the above-copied jars in <Installation folder>/ES/lib location.
5. Backup and delete the following jars from the <Installation dir>/ES/lib
6. Start the elasticsearch service(elasticsearch-service-x64 or elasticsearch-service-x86) from the services.msc