Logstash version 2.2.2 has been released with a crucial security bug fix addressing a vulnerability present in version 2.2.1, which made it susceptible to a man-in-the-middle attack when used with Elasticsearch output due to the inadvertent disabling of SSL/TLS configuration by default. This vulnerability allowed unauthorized access to payload data transmitted via HTTP during the initial handshake. Users are encouraged to upgrade to version 2.2.2 to resolve this issue, but those unable to upgrade immediately can mitigate the risk by using the "https" prefix in their host configuration and then restarting Logstash.