opendistro-for-elasticsearch / opendistro-build

🧰 Open Distro Build Scripts
https://opendistro.github.io/
Apache License 2.0
344 stars 175 forks

Integrate all patches or the most important ones when releasing security patch for Log4j #795

Open rhadw opened 2 years ago

rhadw commented 2 years ago

Query: Integrate all patches/fixes which are production ready.

Expected Behavior: I would like to integrate all minor changes or at least the most annoying of them in the security patch for log4j. This is an important fix which should have been present in the latest release but isn't: https://github.com/opendistro-for-elasticsearch/index-management/issues/448 - it's regarding applying only the first 10 policies because of a search issue. An example would be this https://github.com/opendistro-for-elasticsearch/opendistro-build/issues/763 regarding continuous tenant selection message

Current Behavior: No fixes/patches since v1.13...

Failure Information (for bugs): This is an important fix which should have been present in the latest release but isn't: https://github.com/opendistro-for-elasticsearch/index-management/issues/448 - it's regarding applying only the first 10 policies because of a search issue.

stockholmux commented 2 years ago

@rhadw 1.13.3 was an emergency fix for log4j - that was the only priority. Any additional fixes would have to go into an additional release.

FirstWhack commented 2 years ago

Cannot answer until we get the source for 1.13.3.

Was this image deployed from the 1.13.3-test branch???

madhavs commented 2 years ago

We see performance-analyzer still has a reference to log4j-core-2.13.0.jar - can we get a build updating all the log4j jar files to a version without the vuln?