You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@storm.apache.org by GitBox <gi...@apache.org> on 2022/10/13 15:08:33 UTC

[GitHub] [storm] zhoumengyks opened a new pull request, #3498: fix(sec): upgrade org.elasticsearch:elasticsearch to 6.8.17

zhoumengyks opened a new pull request, #3498:
URL: https://github.com/apache/storm/pull/3498

   ### What happened？
   There are 6 security vulnerabilities found in org.elasticsearch:elasticsearch 2.4.4
   - [CVE-2020-7020](https://www.oscs1024.com/hd/CVE-2020-7020)
   - [CVE-2021-22144](https://www.oscs1024.com/hd/CVE-2021-22144)
   - [CVE-2020-7021](https://www.oscs1024.com/hd/CVE-2020-7021)
   - [CVE-2021-22137](https://www.oscs1024.com/hd/CVE-2021-22137)
   - [CVE-2021-22135](https://www.oscs1024.com/hd/CVE-2021-22135)
   - [CVE-2019-7614](https://www.oscs1024.com/hd/CVE-2019-7614)
   
   
   ### What did I do？
   Upgrade org.elasticsearch:elasticsearch from 2.4.4 to 6.8.17 for vulnerability fix
   
   ### What did you expect to happen？
   Ideally, no insecure libs should be used.
   
   ### The specification of the pull request
   [PR Specification](https://www.oscs1024.com/docs/pr-specification/) from OSCS


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] bipinprasad commented on pull request #3498: fix(sec): upgrade org.elasticsearch:elasticsearch to 6.8.17

Posted by GitBox <gi...@apache.org>.

bipinprasad commented on PR #3498:
URL: https://github.com/apache/storm/pull/3498#issuecomment-1287523290

   Probably needs some code change.
   https://app.travis-ci.com/github/apache/storm/jobs/585564257 line 6680
   Error in external/storm-elasticsearch/src/test/java/org/apache/storm/elasticsearch/common/EsTestUtil.java:[56,30] cannot find symbol
   Breaking change with NodeBuilder: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/breaking_50_java_api_changes.html


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [PR] fix(sec): upgrade org.elasticsearch:elasticsearch to 6.8.17 (storm)

Posted by "rzo1 (via GitHub)" <gi...@apache.org>.

rzo1 closed pull request #3498: fix(sec): upgrade org.elasticsearch:elasticsearch to 6.8.17
URL: https://github.com/apache/storm/pull/3498


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [PR] fix(sec): upgrade org.elasticsearch:elasticsearch to 6.8.17 (storm)

Posted by "rzo1 (via GitHub)" <gi...@apache.org>.

rzo1 commented on PR #3498:
URL: https://github.com/apache/storm/pull/3498#issuecomment-1803774980

   This needs more work. As the PR is stale for > 1y now, I am going to close it. Feel free to re-open.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org