Elasticsearch and Logstash have released versions 7.16.2 and 6.8.22 to upgrade Apache Log4j2 to version 2.17.0, addressing vulnerabilities disclosed in CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105. The new releases incorporate mitigations from previous versions and completely remove the JndiLookup class to eliminate associated risks. Despite these updates, vulnerability scanners may still produce false positives due to the Log4j versioning, which could concern some users regarding compliance. Elastic advises users to stay informed via their advisory and leverage Elastic Security's detection and event correlation capabilities to identify potential active exploitation. For those unfamiliar with Elastic Security, resources such as Quick Start guides and free training courses are available, along with a free 14-day trial of Elastic Cloud.