Hi all
Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have a vulnerability in
the Groovy scripting engine. The vulnerability allows an attacker to
construct Groovy scripts that escape the sandbox and execute shell commands
as the user running the Elasticsearch Java VM.
We have released Elasticsearch 1.3.8 and 1.4.3 to address this issue.
Please read the blogpost and either upgrade or update your config to
disable dynamic Groovy scripting:
thanks
Clint
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/cb811038-becb-45a6-bff7-c268d4e3fd78%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.