We have released multiple patches for the v1 and v2 branches (1.0.2, 1.0.3, 2.0.1 and 2.0.2) of the Snowplow Elasticsearch Loader, upgrading dependencies to address the recently identified Log4j 2 vulnerability (CVE-2021-44228).
We’re currently maintaining both branches as v2 adds support for Elasticsearch v7 however, there is a known issue with oversized events in v2 which will are looking to address soon.
v1.0.2 and v2.0.1 Changelog
Bump log4j-core to 2.16.0 (#211)
v1.0.3 and v2.0.2 Changelog
Bump amazon-kinesis-client to 1.14.5 (#215)
Updating
1.0.2, 1.0.3, 2.0.1 and 2.0.2 images can be pulled from Docker Hub. jar files are available on Github: Releases · snowplow/snowplow-elasticsearch-loader · GitHub