Logstash 1.4.3 has been released as a bug fix update addressing critical security vulnerabilities in the 1.4 series, with an emphasis on upgrading for users of specific plugins such as Elasticsearch output with node protocol, Logstash Forwarder with Lumberjack input/output, and File Output. The release notably addresses vulnerabilities found in Elasticsearch 1.1.1, bundled with Logstash 1.4.2, which was susceptible to CVE-2014-3120, allowing command execution on the host OS via a node client's URL endpoint. The update packages Logstash with Elasticsearch 1.5.2, which disables script execution by default, and advises against using embedded Elasticsearch clusters in production. Additionally, the combination of Logstash Forwarder and Lumberjack was vulnerable to the POODLE attack in SSLv3, leading to the disabling of SSLv3 in favor of TLSv1.0. The release also fixes a File Output plugin vulnerability that allowed path traversal outside the Logstash directory, restricting the use of dynamic field references with absolute paths. An issue with socket connection release in the Elasticsearch output was also resolved, benefiting any plugins using the ruby-ftw HTTP client library.