Currently, there are 6 CVEs in opensearch-oci-object-storage caused by the opensearch version lingering at 1.2.4. This is caused by OCI Object storage's branching strategy.
There is already a discussion on how to deal with it here
Until a consensus is reached on whether we should move ahead with matching opensearch's branching strategy or move the entire repo into the core, we should upgrade the OS version to 1.3.8 to deal with the security concerns. We can revisit this once a decision is made.
What is the expected behavior?
Opensearch version to be upgraded to OS version 1.3.8 from 1.2.4 (fixing the CVEs).
What is your host/environment?
Operating system, version.
Do you have any screenshots?
If applicable, add screenshots to help explain your problem.
What is the bug?
Currently, there are 6 CVEs in opensearch-oci-object-storage caused by the opensearch version lingering at 1.2.4. This is caused by OCI Object storage's branching strategy.
There is already a discussion on how to deal with it here Until a consensus is reached on whether we should move ahead with matching opensearch's branching strategy or move the entire repo into the core, we should upgrade the OS version to 1.3.8 to deal with the security concerns. We can revisit this once a decision is made.
What is the expected behavior?
Opensearch version to be upgraded to OS version 1.3.8 from 1.2.4 (fixing the CVEs).
What is your host/environment?
Operating system, version.
Do you have any screenshots?
If applicable, add screenshots to help explain your problem.
Do you have any additional context?
Add any other context about the problem.