reactiverse / elasticsearch-client

This client exposes the Elasticsearch Java High Level REST Client for Eclipse Vert.x applications.
Apache License 2.0

Upgrade elastic client version to fix CVE problems #4

Closed vincentfree closed 4 years ago

vincentfree commented 4 years ago

Hi Julien,

Like the last request #3, could you upgrade the library so that CVE-2020-7009 can be mitigated? Version 7.6.2 or higher should fix the problem.

jponge commented 4 years ago

Thanks, I'm looking into it

jponge commented 4 years ago

There is an issue with the RxJava2 bindings generation.

In the meantime I can release without IndicesClient @vincentfree

jponge commented 4 years ago

See https://github.com/vert-x3/vertx-rx/pull/228

vincentfree commented 4 years ago

Oh, that would be great @jponge. This would at least fix the CVE, and I'm not using the IndicesClient so that would be a problem for me. Thanks again for picking it up so quickly 😊

jponge commented 4 years ago

You can use 0.8.2-ec7.6.2, it just misses the IndicesClient until the issue in vert-x3/vertx-rx#228 has been fixed.

vincentfree commented 4 years ago

I think the version hasn't been pushed to any public repos, has it?

jponge commented 4 years ago

I'm looking into it

jponge commented 4 years ago

I've just done a release, not sure why I hadn't done it when I tagged the release.

Sonatype OSS is a bit slow, but you should see the artefacts very soon.

vincentfree commented 4 years ago

Thank you Julien!