Since Dec 13, the issue with Log4j was highly covered by the media and using Magento 2 you probably use ElasticSearch 6 or 7. If you need more information on how to check Log4J in your server you check the previous article Adobe Commerce Log4j.
ElasticSearch version
To check your current ElasticSearch version, you need to run this command below.
curl -XGET 'http://localhost:9200'
You might receive an output like this below showing the version.
ElasticSearch upgraded version against Log4j
You have two main upgraded versions your need to look at, version 6 and version 7. The version depends on your current installation and the Magento 2 version.
If you have ElasticSearch 6 you need to have at least version 6.8.21 to avoid the vulnerability.
If you have ElasticSearch 7 you need to have at least version 7.16.1 to avoid the vulnerability.
Both versions will include these technical adjustments below.
- Disable JNDI lookups via the log4j2.formatMsgNoLookups system property.
- Patch log4j jar to remove the JndiLookup class from the classpath.
Thank you for reading this article, and don’t forget to share it to let everyone in your team know about how to quickly check it.