Hello! I hope you are well. My team recently ran AWS ECR Inspector on our elasticsearch docker image and Inspector stated our image contains this vulnerability: CVE-2025-58057 (can’t link to the host, but it is an issue with Netty). I tried searching the forums and can’t find anything about this. It states that netty has to be updated to mitigate the issue. Is there any guidance from elasticsearch on this? Please inform me if it would instead be preferred for me to contact anyone else about this. Thank you!
Which version of Elasticsearch are you using? If this is not the latest one, have you checked whether the issue still persists in the latest version?
Also note that security issues are not discussed publicly in these forums.Please look here for further details and a way to contact Elastic directly around this issue.