elastic · ismisepaul · Jan 14, 2026
@@ -63,5 +63,5 @@ You can use the [public API](/reference/public-api.md) to create custom spans an
 
 ## The Elastic APM Java Agent is not using the latest log4j2 version. Is it still safe? [faq-log4j2-security]
 
-Yes, the log4j version used contains backports for all known security vulnerabilities, including log4shell. More info on [log4j2’s security page](https://logging.apache.org/log4j/2.x/security.md). As the Elastic APM Java Agent still supports Java 7, we can’t update beyond log4j 2.12.x. Some security tools may still falsely flag the log4j2 version that the Elastic APM Java Agent uses as vulnerable. For these cases we publish a dedicated build which ships the latest log4j2 dependency, which however therefore requires at least Java 8. You can find this version on Maven Central linked at our [setup documentation](/reference/setup-javaagent.md#setup-javaagent-get-agent). If there’s a new vulnerability that’s not yet patched in the latest version of the Elastic APM Java Agent, please report it as described in [https://www.elastic.co/product-security](https://www.elastic.co/product-security).
+Yes, the log4j version used contains backports for all known security vulnerabilities, including log4shell. More info on [log4j2’s security page](https://logging.apache.org/log4j/2.x/security.md). As the Elastic APM Java Agent still supports Java 7, we can’t update beyond log4j 2.12.x. Some security tools may still falsely flag the log4j2 version that the Elastic APM Java Agent uses as vulnerable. For these cases we publish a dedicated build which ships the latest log4j2 dependency, which however therefore requires at least Java 8. You can find this version on Maven Central linked at our [setup documentation](/reference/setup-javaagent.md#setup-javaagent-get-agent). If there’s a new vulnerability that’s not yet patched in the latest version of the Elastic APM Java Agent, please report it as described in [https://github.com/elastic/.github/blob/main/SECURITY.md](https://github.com/elastic/.github/blob/main/SECURITY.md).
Original file line number	Diff line number	Diff line change
Expand Up		@@ -63,5 +63,5 @@ You can use the [public API](/reference/public-api.md) to create custom spans an

		## The Elastic APM Java Agent is not using the latest log4j2 version. Is it still safe? [faq-log4j2-security]

		Yes, the log4j version used contains backports for all known security vulnerabilities, including log4shell. More info on [log4j2’s security page](https://logging.apache.org/log4j/2.x/security.md). As the Elastic APM Java Agent still supports Java 7, we can’t update beyond log4j 2.12.x. Some security tools may still falsely flag the log4j2 version that the Elastic APM Java Agent uses as vulnerable. For these cases we publish a dedicated build which ships the latest log4j2 dependency, which however therefore requires at least Java 8. You can find this version on Maven Central linked at our [setup documentation](/reference/setup-javaagent.md#setup-javaagent-get-agent). If there’s a new vulnerability that’s not yet patched in the latest version of the Elastic APM Java Agent, please report it as described in [https://www.elastic.co/product-security](https://www.elastic.co/product-security).
		Yes, the log4j version used contains backports for all known security vulnerabilities, including log4shell. More info on [log4j2’s security page](https://logging.apache.org/log4j/2.x/security.md). As the Elastic APM Java Agent still supports Java 7, we can’t update beyond log4j 2.12.x. Some security tools may still falsely flag the log4j2 version that the Elastic APM Java Agent uses as vulnerable. For these cases we publish a dedicated build which ships the latest log4j2 dependency, which however therefore requires at least Java 8. You can find this version on Maven Central linked at our [setup documentation](/reference/setup-javaagent.md#setup-javaagent-get-agent). If there’s a new vulnerability that’s not yet patched in the latest version of the Elastic APM Java Agent, please report it as described in [https://github.com/elastic/.github/blob/main/SECURITY.md](https://github.com/elastic/.github/blob/main/SECURITY.md).