maintainer-feedback requested: [Bug 248761] textproc/elasticsearch6: Update to 6.8.12
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Aug 19 21:17:35 UTC 2020
Bugzilla Automation <bugzilla at FreeBSD.org> has asked freebsd-elastic (Nobody)
<elastic at FreeBSD.org> for maintainer-feedback:
Bug 248761: textproc/elasticsearch6: Update to 6.8.12
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248761
--- Description ---
Hi,
please find the patch attached.
The main thing is fixed CVE-2020-7019
Changelog:
* Security updates:
- A field disclosure flaw was found in Elasticsearch when running a scrolling
search with field level security. If a user runs the same query another more
privileged user recently ran, the scrolling search can leak fields that should
be hidden. This could result in an attacker gaining additional permissions
against a restricted index. All versions of Elasticsearch before 7.9.0 and
6.8.12 are affected by this flaw. You must upgrade to Elasticsearch version
7.9.0 or 6.8.12 to obtain the fix. CVE-2020-7019
* Bug fixes:
- CCR:
- CCR recoveries using wrong setting for chunk sizes
- Fix synchronization in ShardFollowNodeTask
- Relax ShardFollowTasksExecutor validation
- Set timeout of master node requests on follower to unbounded
- Distributed:
- Fix cluster health rest api wait_for_no_initializing_shards
- Machine Learning:
- Fix restoration of change detectors after seasonality
Testport result:
https://freebsd-stable.builder.wilbury.net/data/12_STABLE_GENERIC_amd64-default
/2020-08-19_16h47m00s/logs/elasticsearch6-6.8.12.log
Question is: What is the procedure of creating a proper vulnxml entry?
More information about the freebsd-elastic
mailing list