Date:      Wed, 19 Aug 2020 21:17:34 +0000
From:      bugzilla-noreply@freebsd.org
To:        elastic@FreeBSD.org
Subject:   maintainer-feedback requested: [Bug 248761] textproc/elasticsearch6: Update to 6.8.12
Message-ID:  <bug-248761-37421-J5jNxemohK@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-248761-37421@https.bugs.freebsd.org/bugzilla/>
References:  <bug-248761-37421@https.bugs.freebsd.org/bugzilla/>

Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-elastic (Nobody)
<elastic@FreeBSD.org> for maintainer-feedback:
Bug 248761: textproc/elasticsearch6: Update to 6.8.12
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248761



--- Description ---
Hi,

please find the patch attached.

The main thing is the fix for CVE-2020-7019.

Changelog:
* Security updates:
  - A field disclosure flaw was found in Elasticsearch when running a scrolling
search with field level security. If a user runs the same query another more
privileged user recently ran, the scrolling search can leak fields that should
be hidden. This could result in an attacker gaining additional permissions
against a restricted index. All versions of Elasticsearch before 7.9.0 and
6.8.12 are affected by this flaw. You must upgrade to Elasticsearch version
7.9.0 or 6.8.12 to obtain the fix. CVE-2020-7019

* Bug fixes:
  - CCR:
    - CCR recoveries using wrong setting for chunk sizes
    - Fix synchronization in ShardFollowNodeTask
    - Relax ShardFollowTasksExecutor validation
    - Set timeout of master node requests on follower to unbounded
  - Distributed:
    - Fix cluster health rest api wait_for_no_initializing_shards
  - Machine Learning:
    - Fix restoration of change detectors after seasonality


Testport result:
https://freebsd-stable.builder.wilbury.net/data/12_STABLE_GENERIC_amd64-default/2020-08-19_16h47m00s/logs/elasticsearch6-6.8.12.log

Question is: What is the procedure of creating a proper vulnxml entry?


