Elasticsearch Vulnerabilities

Do these security vulnerabilities apply to the OSS distributions of Elasticsearch?

From https://www.elastic.co/community/security/

Thanks

For the first one, it applies only to the enterprise version; see: Elastic Stack 7.9.3 and 6.8.13 Security Update

I suggest you dig a bit more into the others, since it's an interesting question.

I wonder how they manage OSS and enterprise security.

The OSS version does not come with any security at all, which in itself is a big vulnerability.

Thanks. Some say "All versions of Elasticsearch before 7.9.2 and 6.8.13 are affected by this flaw", but I don't see how that can be the case if using OSS.

Can you create a CVE for a system without security? If you care about security you should not run a vanilla OSS Elasticsearch cluster.

These only affect Elasticsearch running with security enabled; they do not affect the OSS version.

As pointed out, I would suggest using our free security

Thanks for confirming. A long story but it's specifically the OSS distribution I needed to know about just now. All the points re security otherwise are valid and we are aware of the options.

Thanks for the comments everyone. Much appreciated.