Elasticsearch has released security updates to address a vulnerability in Elasticsearch v.5.x and v.6.x. Exploitation of this vulnerability may allow an attacker to take control of affected system.
Users and administrators are encouraged to review Elasticsearch Security Advisories apache-log4j and elasticsearch-5-and-6-log4j-remediation and apply necessary updates.