mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-03-09 14:34:43 +00:00
a5d9c45dd3
This change removes the override of finalize in SecuredString to resolve a issue where the char[] can be cleared by the call in the finalize method but the char array is still being used. The specific issue that occurs is in the BCrypt usage of the SecuredString. A character is concatenated and then the utf8Bytes method is called. In most cases, the proper bytes are returned but occasionally the byte array is returned with only zeroes. This occurs under load and/or memory pressure and can be provoked by running BCryptTests with a small heap (12 - 16 megabytes) and the SecuredString implementation with the overridden finalize method. Closes elastic/elasticsearch#589 Original commit: elastic/x-pack-elasticsearch@fb6430ea9d
= Elasticsearch Security Plugin This plugins adds security features to elasticsearch You can build the plugin with `mvn package`. The documentation is put in the `docs/` directory.