Elasticsearch version 7.16.2 is not supported in Lando 3.6.0

wunderio / drupal-project

Wunder's template for Drupal projects designed to work automatically with Lando, CircleCI and Helm.

GNU General Public License v2.0

35 stars 6 forks source link

Elasticsearch version 7.16.2 is not supported in Lando 3.6.0 #249

Closed tormi closed 2 years ago

tormi commented 2 years ago

Lando's Elasticsearch setup doesn't support the latest ES version 7.16.2. See also cve-2021-45046 - Upgrade to log4j 2.16, https://github.com/elastic/elasticsearch/issues/81867.

.lando.yml

services:
  elasticsearch:
    type: "elasticsearch:7"

gives 'BITNAMI_IMAGE_VERSION=7.6.1-debian-10-r15'

We have 7.12.0 ATM:

services:
  elasticsearch:
    type: "elasticsearch:7.12.0"

badrange commented 2 years ago

Looks like the upcoming version of Lando will support a newer version of elasticsearch, let's hope they get it out the door soon. In the meantime you/we could use a dev version of lando.

https://github.com/lando/elasticsearch/blob/main/services/elasticsearch/builder.js

tormi commented 2 years ago

Yes, the new version should come out later today.

badrange commented 2 years ago

Took almost a week, but now it is out @tormi https://github.com/lando/lando/releases/tag/v3.6.1

tormi commented 2 years ago

Tested and filed couple of issues:

tormi commented 2 years ago

To resolve the #254 (setting [xpack.security.enabled] to [true]) we need to resolve #255 first.