High severity 7.5 · NVD Advisory · Published Jun 16, 2017 · Updated May 13, 2026
CVE-2016-1000221
Description
In Logstash prior to version 2.3.4, the Elasticsearch Output plugin would log HTTP authorization headers, which could contain sensitive information, to file.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| logstash-core (RubyGems) | < 2.3.4 | 2.3.4 |
Affected products (1)
Patches (1)
9 files changed · +30 −25
CHANGELOG.md+5 −0 modified@@ -1,3 +1,8 @@ +## 2.3.4 (July 7, 2016) +### Output + - Elasticsearch + - Fixed an issue where unnecessary information from HTTP headers were being logged. + ## 2.3.3 (June 14, 2016) ### general - Fixed a bug where dynamic config reload feature could use excess memory, leading to a crash ([#5235](https://github.com/elastic/logstash/issues/5235)).
Gemfile+3 −3 modified@@ -2,9 +2,9 @@ # If you modify this file manually all comments and formatting will be lost. source "https://rubygems.org" -gem "logstash-core", "2.3.4.snapshot1" -gem "logstash-core-event", "2.3.4.snapshot1" -gem "logstash-core-plugin-api", "1.19.0" +gem "logstash-core", "2.3.4" +gem "logstash-core-event", "2.3.4" +gem "logstash-core-plugin-api", "1.20.0" gem "file-dependencies", "0.1.6" gem "ci_reporter_rspec", "1.0.0", :group => :development gem "simplecov", :group => :development
Gemfile.jruby-1.9.lock+15 −15 modified@@ -34,9 +34,9 @@ GEM clamp (0.6.5) coderay (1.1.1) concurrent-ruby (0.9.2-java) - coveralls (0.8.13) - json (~> 1.8) - simplecov (~> 0.11.0) + coveralls (0.8.14) + json (>= 1.8, < 3) + simplecov (~> 0.12.0) term-ansicolor (~> 1.3) thor (~> 0.19.1) tins (~> 1.6.0) @@ -56,7 +56,7 @@ GEM equalizer (0.0.10) faraday (0.9.2) multipart-post (>= 1.2, < 3) - ffi (1.9.11) + ffi (1.9.13) ffi-rzmq (2.0.4) ffi-rzmq-core (>= 1.0.1) ffi-rzmq-core (1.0.5) @@ -159,7 +159,7 @@ GEM logstash-codec-rubydebug (2.0.7) awesome_print logstash-core-plugin-api (~> 1.0) - logstash-core (2.3.4.snapshot1-java) + logstash-core (2.3.4-java) cabin (~> 0.8.0) clamp (~> 0.6.5) concurrent-ruby (= 0.9.2) @@ -168,16 +168,16 @@ GEM i18n (= 0.6.9) jrjackson (~> 0.3.7) jruby-openssl (= 0.9.13) - logstash-core-event (= 2.3.4.snapshot1) + logstash-core-event (= 2.3.4) minitar (~> 0.5.4) pry (~> 0.10.1) rubyzip (~> 1.1.7) stud (~> 0.0.19) thread_safe (~> 0.3.5) treetop (< 1.5.0) - logstash-core-event (2.3.4.snapshot1-java) - logstash-core-plugin-api (1.19.0-java) - logstash-core (>= 2.0.0, <= 2.3.4.snapshot1) + logstash-core-event (2.3.4-java) + logstash-core-plugin-api (1.20.0-java) + logstash-core (>= 2.0.0, <= 2.3.4) logstash-devutils (0.0.22-java) fivemat gem_publisher @@ -603,9 +603,9 @@ GEM faraday (~> 0.8, < 0.10) sequel (4.36.0) simple_oauth (0.3.1) - simplecov (0.11.2) + simplecov (0.12.0) docile (~> 1.1.0) - json (~> 1.8) + json (>= 1.8, < 3) simplecov-html (~> 0.10.0) simplecov-html (0.10.0) slop (3.6.0) @@ -635,7 +635,7 @@ GEM simple_oauth (~> 0.3.0) tzinfo (1.2.2) thread_safe (~> 0.1) - tzinfo-data (1.2016.5) + tzinfo-data (1.2016.6) tzinfo (>= 1.0.0) unf (0.1.4-java) user_agent_parser (2.3.0) 
@@ -671,9 +671,9 @@ DEPENDENCIES logstash-codec-oldlogstashjson logstash-codec-plain logstash-codec-rubydebug - logstash-core (= 2.3.4.snapshot1) - logstash-core-event (= 2.3.4.snapshot1) - logstash-core-plugin-api (= 1.19.0) + logstash-core (= 2.3.4) + logstash-core-event (= 2.3.4) + logstash-core-plugin-api (= 1.20.0) logstash-devutils (~> 0.0.15) logstash-filter-anonymize logstash-filter-checksum
logstash-core-event/lib/logstash-core-event/version.rb+1 −1 modified@@ -5,4 +5,4 @@ # Note to authors: this should not include dashes because 'gem' barfs if # you include a dash in the version string. -LOGSTASH_CORE_EVENT_VERSION = "2.3.4.snapshot1" +LOGSTASH_CORE_EVENT_VERSION = "2.3.4"
logstash-core/lib/logstash-core/version.rb+1 −1 modified@@ -5,4 +5,4 @@ # Note to authors: this should not include dashes because 'gem' barfs if # you include a dash in the version string. -LOGSTASH_CORE_VERSION = "2.3.4.snapshot1" +LOGSTASH_CORE_VERSION = "2.3.4"
logstash-core/lib/logstash/version.rb+1 −1 modified@@ -11,4 +11,4 @@ # eventually this file should be in the root logstash lib fir and dependencies in logstash-core should be # fixed. -LOGSTASH_VERSION = "2.3.4.snapshot1" +LOGSTASH_VERSION = "2.3.4"
logstash-core/logstash-core.gemspec+1 −1 modified@@ -17,7 +17,7 @@ Gem::Specification.new do |gem| gem.require_paths = ["lib"] gem.version = LOGSTASH_CORE_VERSION - gem.add_runtime_dependency "logstash-core-event", "2.3.4.snapshot1" + gem.add_runtime_dependency "logstash-core-event", "2.3.4" gem.add_runtime_dependency "cabin", "~> 0.8.0" #(Apache 2.0 license) gem.add_runtime_dependency "pry", "~> 0.10.1" #(Ruby license)
logstash-core-plugin-api/lib/logstash-core-plugin-api/version.rb+2 −2 modified@@ -1,3 +1,3 @@ # encoding: utf-8 -# 1.19.0 tracks LS 2.3.4.snapshot1 -LOGSTASH_CORE_PLUGIN_API = "1.19.0" +# 1.20.0 tracks LS 2.3.4 +LOGSTASH_CORE_PLUGIN_API = "1.20.0"
logstash-core-plugin-api/logstash-core-plugin-api.gemspec+1 −1 modified@@ -17,7 +17,7 @@ Gem::Specification.new do |gem| gem.require_paths = ["lib"] gem.version = LOGSTASH_CORE_PLUGIN_API - gem.add_runtime_dependency "logstash-core", ">= 2.0.0", "<= 2.3.4.snapshot1" + gem.add_runtime_dependency "logstash-core", ">= 2.0.0", "<= 2.3.4" # Make sure we dont build this gem from a non jruby # environment.
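Review bot: The new 2.3.4 entry in CHANGELOG.md is too vague for a security-relevant fix. "unnecessary information from HTTP headers" does not tell operators that the logged headers are authorization headers that may carry credentials, and unlike the 2.3.3 entry directly below it there is no issue or PR link. Suggest naming the header class explicitly and linking the plugin change, so users know to review log files written by earlier versions. The verb should also agree with "information": "was being logged".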
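Review bot: None of the Gemfile.jruby-1.9.lock hunks changes a pinned Elasticsearch output plugin version, although the CHANGELOG attributes the 2.3.4 fix to that output. The entries that change are logstash-core, logstash-core-event, logstash-core-plugin-api, coveralls, ffi, simplecov and tzinfo-data. Please confirm the lock file already resolves to a plugin release that contains the logging fix, or bump it in this commit. The coveralls, simplecov, ffi and tzinfo-data updates, including the widened json constraint (>= 1.8, < 3), are unrelated to the release and would be easier to audit in a separate commit.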
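Review bot: In logstash-core/logstash-core.gemspec the logstash-core-event dependency is a hard-coded "2.3.4" literal, while gem.version a few lines above it uses LOGSTASH_CORE_VERSION. The same version string is edited by hand in the Gemfile, three version.rb files and both gemspecs in this commit. Consider deriving the dependency from the version constant so a release bump cannot leave one of these on a stale snapshot string.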
References (6)
- www.securityfocus.com/bid/99126 (nvd: Third Party Advisory, VDB Entry)
- github.com/advisories/GHSA-vcmm-ppqx-95ch (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-1000221 (ghsa: ADVISORY)
- www.elastic.co/community/security (nvd: Vendor Advisory, WEB)
- github.com/elastic/logstash/commit/0999050144adad7f4d99d43e561c2882fd7c512b (ghsa: WEB)
- web.archive.org/web/20210124065200/http://www.securityfocus.com/bid/99126 (ghsa: WEB)