Logstash 8.15.3, 8.16.0 Security Update (ESA-2024-48)

Logstash Inefficient Regular Expression Complexity ESA-2024-48 On October 28th, 2024, Ruby announced CVE-2024-49761 in rexml which can lead to ReDoS when parsing XML that has many digits between & and x...; in a hex numeric character reference &x...;. The issue only affects users that use the...

Logstash 5.0.0-6.8.20 and 7.0.0-7.16.0: Log4j CVE-2021-44228, CVE-2021-45046 remediation

Note — These instructions only apply if you are running Logstash 5.0.0 - 6.8.20, or 7.0.0 - 7.16.0. If you are running an older version of Logstash, or a version of Logstash = 6.8.21 in the 6.x series or = 7.16.1 in the 7.x series, these instructions do not apply. Please follow the guidance in ma...