honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Security Advisory to 7.10.2 release notes (#67605) 

- Update docs/reference/release-notes/7.10.asciidoc

Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com>
This commit is contained in:
Rene Groeschke 2021-01-18 10:39:26 +01:00 committed by GitHub
parent 69752d4ead
commit 80b8b23b8d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/reference/release-notes/7.10.asciidoc
View File

@ -3,6 +3,18 @@
Also see <<breaking-changes-7.10,Breaking changes in 7.10>>.
[discrete]
[[security-updates-7.10.2]]
=== Security updates
* An information disclosure flaw was found in the {es} async search API.
Users who execute an async search will store the HTTP headers.
A user with the ability to read the `.tasks` index could obtain
sensitive request headers of other users in the cluster.
All versions of {es} between 7.7.0 and 7.10.1 are affected by this flaw.
You must upgrade to {es} version 7.10.2 to obtain the fix.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22132[CVE-2021-22132]
[[bug-7.10.2]]
[float]
=== Bug fixes