ANN: Elasticsearch Connector 4.3.3 & 4.2.13 (fixes Log4j vulnerability)

UPDATE: If you arrived here to learn about Couchbase’s response to the Log4Shell vulnerability, please see Ian McCloy’s message down below.

Hi All,

I’m glad to announce the release of Couchbase Elasticsearch Connector 4.3.3 and 4.2.13.

All users should upgrade to one of these versions as soon as possible to fix a high severity vulnerability CVE-2021-44228 in versions of Log4j 2 prior to 2.15.0.

Release Notes and Downloads | Documentation

Regards,
David Nault

1 Like

Is this the only component exposed to this particular vulnerability or are updates for others coming as well?

2 Likes

it seems that all couchbase servers versions use a compromised version of apache log4j

Is a patch planned ?

Thank you for using Couchbase and participating in our community forums.
I would encourage all users to review our blog post What to Know About the Log4j Vulnerability CVE-2021-44228 which has details about the affected software and mitigations.

Thank you,
Ian McCloy, Couchbase Principal Product Manager

2 Likes