Apache Solr Apache Druid Apache Flink ElasticSearch Flume Apache Dubbo Logstash Kafka
That list comes from: https://unit42.paloaltonetworks.com/apache-log4j-vulnerabili...
The attack surface is quite a bit larger than many realize. I recently had a conversation with a person who wasn't at a Java shop so wasn't worried... until he said "oh, wait, ElasticSearch is vulnerable too?"
You'll even see it in things like the connector between CouchBase and ElasticSearch ( https://forums.couchbase.com/t/ann-elasticsearch-connector-4... ).
Nope. Nope. Nope. Nope. Nope. Nope. Nope.
aaaand...
Nope. Plans for it, but not yet in production.
Oh and before anyone starts, not in transitive dependencies either. Just good old bare metal EC2 instances without vendor lock in.
That list comes from: https://unit42.paloaltonetworks.com/apache-log4j-vulnerabili...
The attack surface is quite a bit larger than many realize. I recently had a conversation with a person who wasn't at a Java shop so wasn't worried... until he said "oh, wait, ElasticSearch is vulnerable too?"
You'll even see it in things like the connector between CouchBase and ElasticSearch ( https://forums.couchbase.com/t/ann-elasticsearch-connector-4... ).