You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Chris Sampson (Jira)" <ji...@apache.org> on 2023/06/19 17:33:00 UTC

[jira] [Commented] (NIFI-11686) Update elasticsearch.client.version to 7.17.10

    [ https://issues.apache.org/jira/browse/NIFI-11686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17734347#comment-17734347 ] 

Chris Sampson commented on NIFI-11686:
--------------------------------------

As noted within the pom, such an upgrade will likely break connectivity to non-Elastic based Elasticsearch services (e.g. AWS OpenSearch).

What CVE are you attempting to mitigate with this change and does it really impact this library (as opposed to the elasticsearch server, which nifi doesn't use)?

If updating the the client library is necessary, why only to 7.17.10 instead of the latest 8.8.1?

> Update elasticsearch.client.version to 7.17.10
> ----------------------------------------------
>
>                 Key: NIFI-11686
>                 URL: https://issues.apache.org/jira/browse/NIFI-11686
>             Project: Apache NiFi
>          Issue Type: Improvement
>    Affects Versions: 1.22.0
>            Reporter: Mike R
>            Assignee: Jeyassri Balachandran
>            Priority: Major
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Update elasticsearch.client.version to 7.17.10



--
This message was sent by Atlassian Jira
(v8.20.10#820010)