Vulnerabilities in Elasticsearch 6.8.14 used by Jet

hazelcast / hazelcast-jet

Distributed Stream and Batch Processing

https://jet-start.sh

Other

1.1k stars 205 forks source link

Closed olukas closed 3 years ago

olukas commented 3 years ago

Jet Elastic 6 connector uses Elasticsearch 6.8.14 which includes following vulnerabilities:

CVE-2021-22144 - https://nvd.nist.gov/vuln/detail/CVE-2021-22144 (it should be fixed by version 6.8.17)
CVE-2021-22137 - https://nvd.nist.gov/vuln/detail/CVE-2021-22137 (it should be fixed by version 6.8.15)
CVE-2021-22135 - https://nvd.nist.gov/vuln/detail/CVE-2021-22135 (it should be fixed by version 6.8.15)

mmedenjak commented 3 years ago

I see the commit has been merged so I assume this issue can be fixed. @gurbuzali can you confirm?

gurbuzali commented 3 years ago

yes, closing