Upgraded ElasticSearch to get rid of CVEs (and switched client to OpenSearch one)#13867
Merged
lhotari merged 2 commits intoapache:masterfrom Jan 21, 2022
Merged
Upgraded ElasticSearch to get rid of CVEs (and switched client to OpenSearch one)#13867lhotari merged 2 commits intoapache:masterfrom
lhotari merged 2 commits intoapache:masterfrom
Conversation
* Upgraded ElasticSearch to get rid of CVEs. CVE-2020-7020 CVE-2020-7021 CVE-2021-22132 CVE-2021-22134 CVE-2021-22144 CVE-2021-22147 * Elastic search client version >= 7.11 no longer works with OSS Elastic images (and elastic.co no longer releases OSS images) * Fixed tests for Elasticsearch * pom cleanup
Contributor
Author
|
/pulsarbot run-failure-checks |
freeznet
approved these changes
Jan 21, 2022
lhotari
approved these changes
Jan 21, 2022
nicoloboschi
pushed a commit
to datastax/pulsar
that referenced
this pull request
Jan 21, 2022
…nSearch one) (apache#13867) * Upgraded ElasticSearch to get rid of CVEs. (apache#13747) * Upgraded ElasticSearch to get rid of CVEs. CVE-2020-7020 CVE-2020-7021 CVE-2021-22132 CVE-2021-22134 CVE-2021-22144 CVE-2021-22147 * Elastic search client version >= 7.11 no longer works with OSS Elastic images (and elastic.co no longer releases OSS images) * Fixed tests for Elasticsearch * pom cleanup * Switched to OpenSearch client for Elastic (Apache 2 licensed) (cherry picked from commit bef3071)
nicoloboschi
pushed a commit
to datastax/pulsar
that referenced
this pull request
Feb 28, 2022
…nSearch one) (apache#13867) * Upgraded ElasticSearch to get rid of CVEs. (apache#13747) * Upgraded ElasticSearch to get rid of CVEs. CVE-2020-7020 CVE-2020-7021 CVE-2021-22132 CVE-2021-22134 CVE-2021-22144 CVE-2021-22147 * Elastic search client version >= 7.11 no longer works with OSS Elastic images (and elastic.co no longer releases OSS images) * Fixed tests for Elasticsearch * pom cleanup * Switched to OpenSearch client for Elastic (Apache 2 licensed) (cherry picked from commit bef3071) (cherry picked from commit 6deb24c)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
CVEs are:
CVE-2020-7020
CVE-2020-7021
CVE-2021-22132
CVE-2021-22134
CVE-2021-22144
CVE-2021-22147
Motivation
mvn clean install verify -Powasp-dependency-check -DskipTestsfound various CVEsModifications
Brought back changes from #13747
On top of that, replaced ElasticSearch client with OpenSearch one to get rid of CVEs + retain the Apache 2.0 licensing.
Verifying this change
This change is a trivial rework / code cleanup without any test coverage.
Does this pull request potentially affect one of the following parts:
If
yeswas chosen, please highlight the changesDocumentation
Check the box below or label this PR directly (if you have committer privilege).
Need to update docs?
doc-required(If you need help on updating docs, create a doc issue)
no-need-doc(Please explain why)
doc(If this PR contains doc changes)