ES 6.8.8 Security Upgrade from CVE missing modules

Due to the recent CVE-2020-7009 and from the ES recommendation, we are trying to upgrade from 6.8.2 to 6.8.8. However, on the Maven Repo, I see that some of the modules such as org.codelibs.elasticsearch.module:analysis-common and org.codelibs.elasticsearch.lib:plugin-classloader only have versions till 6.8.6.

Will 6.8.8 be released for these modules soon? Should we wait to upgrade till these versions are released or is there a workaround?

This is not an official elasticsearch dependency with the org.codelibs prefix. You may want to ping the respective maintainers of that.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.