Skip to content
This repository was archived by the owner on Jan 7, 2026. It is now read-only.

logstash-[9.2]: Update advisory for CVE-2025-14762 #28187

Merged
ca-scribner merged 1 commit into from
Dec 30, 2025
Merged

logstash-[9.2]: Update advisory for CVE-2025-14762 #28187

ca-scribner merged 1 commit into from
Dec 30, 2025

Conversation

@ca-scribner
Copy link
Member

@ca-scribner ca-scribner commented Dec 29, 2025

To mitigate CVE-2025-14762, log4j must be bumped from 2.17.2 to 2.25.3. This includes navigating a few small breaking changes in log4j. Upstream is currently working on a patch to complete this migration here, but the patch is incomplete and has failing tests

@ca-scribner ca-scribner requested a review from a team December 29, 2025 19:54
@ca-scribner ca-scribner marked this pull request as ready for review December 29, 2025 19:54
@ca-scribner ca-scribner marked this pull request as draft December 29, 2025 19:57
auto-merge was automatically disabled December 29, 2025 19:57

Pull request was converted to draft

@ca-scribner ca-scribner marked this pull request as ready for review December 29, 2025 20:00
@ca-scribner ca-scribner force-pushed the logstash/GHSA-2xgq-q749=89fq branch 2 times, most recently from 24e935a to 76a6515 Compare December 29, 2025 20:05
@ca-scribner
logstash-[9.2]: Update advisory for CVE-2025-68161
c23b786 
To mitigate CVE-2025-14762, log4j must be bumped from 2.17.2 to 2.25.3.  This includes navigating a few small breaking changes in log4j.  Upstream is currently working on a patch to complete this migration [here](elastic/logstash#18522), but the patch is incomplete and has failing tests
@ca-scribner ca-scribner force-pushed the logstash/GHSA-2xgq-q749=89fq branch from 76a6515 to c23b786 Compare December 29, 2025 20:06
@ca-scribner ca-scribner added this pull request to the merge queue Dec 30, 2025
Merged via the queue into wolfi-dev:main with commit 6023bad Dec 30, 2025
4 checks passed
@ca-scribner ca-scribner deleted the logstash/GHSA-2xgq-q749=89fq branch December 30, 2025 09:36
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@bentasker bentasker bentasker approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ca-scribner @bentasker