ELK 7.16.1 fixes log4j vulns.

docker/elk/logstash/Dockerfile

@@ -1,7 +1,7 @@
 FROM alpine:3.14
 #
 # VARS
-ENV LS_VER=7.15.1
+ENV LS_VER=7.16.1
 # Include dist
 ADD dist/ /root/dist/
 #
@@ -14,8 +14,7 @@ RUN apk -U --no-cache add \
 	     curl \
              libc6-compat \
              libzmq \
-             nss \
-             zip && \
+             nss && \
     apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/community openjdk16-jre && \
 #
 # Get and install packages
@@ -36,8 +35,6 @@ RUN apk -U --no-cache add \
     /usr/share/logstash/bin/logstash-plugin install logstash-output-gelf && \
     /usr/share/logstash/bin/logstash-plugin install logstash-output-http && \
     /usr/share/logstash/bin/logstash-plugin install logstash-output-syslog && \
-    # Remove log4j (https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476)
-    zip -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.* org/apache/logging/log4j/core/lookup/JndiLookup.class && \
 #
 # Add and move files
     cd /root/dist/ && \

docker/elk/logstash/dist/logstash.conf

@@ -649,12 +649,12 @@ if "_jsonparsefailure" in [tags] { drop {} }
     geoip {
       cache_size => 10000
       source => "src_ip"
-      database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.3-java/vendor/GeoLite2-City.mmdb"
+      database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.6-java/vendor/GeoLite2-City.mmdb"
     }
     geoip {
       cache_size => 10000
       source => "src_ip"
-      database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.3-java/vendor/GeoLite2-ASN.mmdb"
+      database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.6-java/vendor/GeoLite2-ASN.mmdb"
     }
     translate {
       refresh_interval => 86400