Date:      Wed, 19 Aug 2020 21:17:34 +0000
From:      bugzilla-noreply@freebsd.org
To:        elastic@FreeBSD.org
Subject:   [Bug 248761] textproc/elasticsearch6: Update to 6.8.12
Message-ID:  <bug-248761-37421@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248761

            Bug ID: 248761
           Summary: textproc/elasticsearch6: Update to 6.8.12
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://www.elastic.co/guide/en/elasticsearch/reference/6.8/release-notes-6.8.12.html
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: elastic@FreeBSD.org
          Reporter: juraj@lutter.sk
             Flags: maintainer-feedback?(elastic@FreeBSD.org)
 Attachment #217354 Flags: maintainer-approval+

Created attachment 217354
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=217354&action=edit
textproc/elasticsearch6: Update to 6.8.12

Hi,

Please find the patch attached.

The main thing is the fix for CVE-2020-7019.

Changelog:
* Security updates:
  - A field disclosure flaw was found in Elasticsearch when running a scrolling
    search with field level security. If a user runs the same query another more
    privileged user recently ran, the scrolling search can leak fields that should
    be hidden. This could result in an attacker gaining additional permissions
    against a restricted index. All versions of Elasticsearch before 7.9.0 and
    6.8.12 are affected by this flaw. You must upgrade to Elasticsearch version
    7.9.0 or 6.8.12 to obtain the fix. CVE-2020-7019

* Bug fixes:
  - CCR:
    - CCR recoveries using wrong setting for chunk sizes
    - Fix synchronization in ShardFollowNodeTask
    - Relax ShardFollowTasksExecutor validation
    - Set timeout of master node requests on follower to unbounded
  - Distributed:
    - Fix cluster health rest api wait_for_no_initializing_shards
  - Machine Learning:
    - Fix restoration of change detectors after seasonality


Testport result:
https://freebsd-stable.builder.wilbury.net/data/12_STABLE_GENERIC_amd64-default/2020-08-19_16h47m00s/logs/elasticsearch6-6.8.12.log

The question is: what is the procedure for creating a proper vulnxml entry?

-- 
You are receiving this mail because:
You are the assignee for the bug.


