Elasticsearch recently released v1.7.0 and v1.6.1, which addresses several severe security issues. We have tested Graylog v1.1.X with Elasticsearch v1.6.1 and strongly recommend upgrading to Elasticsearch v1.6.1.
We are investigating if our usage of Elasticsearch in graylog-server is affected and will follow up with an update if necessary.
The Elasticsearch release blog post can be found here: https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released