# OpenSearch 1.2.2 Release Notes

## Release Highlights

This patch releases updates the version of Log4j used in OpenSearch to Log4j 2.16.0 as recommended by the advisory in [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046).

### OpenSearch
* Increment version to 1.2.2 and backport log4j upgrade to 2.16. ([#1728](https://github.com/opensearch-project/OpenSearch/pull/1728))

### OpenSearch Security
* Bumping log4j to 2.16.0 ([#1525](https://github.com/opensearch-project/security/pull/1525))