New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade to Elasticsearch 1.6.1 #1312

Merged
merged 1 commit into from Jul 21, 2015

Conversation

Projects
None yet
2 participants
@joschi
Contributor

joschi commented Jul 21, 2015

Due to a remote code execution vulnerability in Elasticsearch prior to 1.6.1 and 1.7.0 which can be triggered through the ES transport protocol (which is also exposed when using a client node), we should upgrade the internally used ES client in Graylog to Elasticsearch 1.6.1.

Details about the vulnerability can be found at https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released

@joschi joschi added this to the 1.1.5 milestone Jul 21, 2015

bernd added a commit that referenced this pull request Jul 21, 2015

Merge pull request #1312 from Graylog2/elasticsearch-1.6.1
Upgrade to Elasticsearch 1.6.1

@bernd bernd merged commit 4188d52 into 1.1 Jul 21, 2015

1 of 2 checks passed

ci Jenkins build graylog2-server-integration-pr 70 has failed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details

@bernd bernd deleted the elasticsearch-1.6.1 branch Jul 21, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment