honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[DOCS] Add security updates to release notes (#61288) (#61296)

This commit is contained in:
Lisa Cawley 2020-08-18 12:00:21 -07:00 committed by GitHub
parent 96256bd4df
commit b120368aee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/reference/release-notes/7.9.asciidoc
View File

@ -3,6 +3,18 @@
Also see <<breaking-changes-7.9,Breaking changes in 7.9>>.
[float]
[[security-updates-7.9.0]]
=== Security updates
* A field disclosure flaw was found in {es} when running a scrolling search with
field level security. If a user runs the same query another more privileged user
recently ran, the scrolling search can leak fields that should be hidden. This
could result in an attacker gaining additional permissions against a restricted
index. All versions of {es} before 7.9.0 and 6.8.12 are affected by this flaw.
You must upgrade to {es} version 7.9.0 or 6.8.12 to obtain the fix.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7019[CVE-2020-7019]
[[known-issues-7.9.0]]
[discrete]
=== Known issues