Closed lions1988 closed 11 months ago
Thanks for reporting @lions1988, next version should have updated dependencies.
Hi @lions1988,
Just updating that the next version is going to be released with ES 7.17.7 - which should eliminate these issues. If you are aware of issues in that version, we would be happy to hear, so we can verify these are mitigated by the application.
Hey @lions1988! v1.10 is now out with ES 7.17.7
Congrats on the release, I look forward to testing it and rolling it out.
Just a small comment;
There is a typo in the current changelog for clearml-server version 1.10 the changelog references elasticsearch version 1.17.7
instead of 7.17.7
Thanks @AH-Merii! Fixed 🙂
Nessus scanners identified vulnerable log4j libraries in ES image
ClearML server version: 1.9.2 (latest) ES image: 7.16.2
Path : /usr/share/elasticsearch/lib/elasticsearch-log4j-7.16.2.jar Installed version : 2.17.0 Fixed version : 2.17.1
Path : /usr/share/elasticsearch/bin/elasticsearch-sql-cli-7.16.2.jar Installed version : 2.17.0 Fixed version : 2.17.1
Nessus plugin: https://www.tenable.com/plugins/nessus/156327
I can confirm nessus scans are clean within latest ES 7.* (7.17.19)