FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSearch -- Log4Shell

Affected packages
opensearch < 1.2.2

Details

VuXML ID b0f49cb9-6736-11ec-9eea-589cfc007716
Discovery 2021-12-14
Entry 2021-12-27

OpenSearch reports:

CVE-2021-45046 was issued shortly following the release of OpenSearch 1.2.1. This new CVE advises upgrading from Log4j 2.15.0 (used in OpenSearch 1.2.1) to Log4j 2.16.0. Out of an abundance of caution, the team is releasing OpenSearch 1.2.2 which includes Log4j 2.16.0. While there has been no observed reproduction of the issue described in CVE-2021-45046, Log4j 2.16.0 takes much more extensive JNDI mitigation measures.

References

CVE Name CVE-2021-45046
URL https://opensearch.org/blog/releases/2021/12/update-1-2-2/