CVE-2021-22132: Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. This issue is fixed in Elasticsearch 7.10.2 Please bump.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b9b2e6e23c3cf888715e54938307ebb6713ebaea commit b9b2e6e23c3cf888715e54938307ebb6713ebaea Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2021-01-15 16:26:24 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-01-21 23:22:55 +0000 app-misc/elasticsearch: bump to 7.10.2, drop old Bug: https://bugs.gentoo.org/765496 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Sam James <sam@gentoo.org> app-misc/elasticsearch/Manifest | 4 ++-- .../{elasticsearch-7.10.0.ebuild => elasticsearch-7.10.2.ebuild} | 0 2 files changed, 2 insertions(+), 2 deletions(-)
All done, thanks!