obiba / docker-opal

GNU General Public License v3.0

deprecated elasticsearch plugin 2.4.5 #27

Closed christiangierschner closed 3 months ago

christiangierschner commented 1 year ago

Hi...

recently there was an elasticsearch CVE... I then checked all elasticsearch occurrences in our environment and found a very very old elasticsearch version (2.4.5) in our recent OPAL server (4.5.8)

in your installation docs you say: Because having a search engine is an absolute requirement, Opal server will check at startup that there is a plugin of type opal-search and if it’s not the case, the latest version of the [opal-search-es](https://github.com/obiba/opal-search-es/releases) plugin (that applies to the current Opal server version) will be automatically downloaded and installed without needing a server restart. If for any reason this plugin cannot be automatically downloaded (network issue), the Opal start-up will fail and you will need to install the plugin manually.

this is the line from your Dockerfile in which you install opal-search-es

The Plugin itself was last updated 2 years ago...

Could you please update all of your plugins to the most recent safe-to-use versions because of the requirement that a deprecated search plugin has to be installed in the server deployment...

Or remove the opal-search-es dependency...

ymarcon commented 1 year ago

Yes, we know that... The problem is that since ES5 (that just followed 2.4), ES could not be embedded in a Java application anymore. We could have done like with Mica: abstract the ES API and make a plugin for higher versions of ES, but some of the search features Opal is using have been removed. There is quite some refactoring work then.

christiangierschner commented 1 year ago

so, remove the automatic install and the dependency, or does opal just not work without opal-search-es?

ymarcon commented 1 year ago

You can stop the search service, and verify how opal behaves.


ymarcon commented 3 months ago

Fixed by obiba/opal#3893