We are using version 7.16.2 of ES, and we observed a "License Banned" Nexus IQ scan issue in 7.16.2 with Elasticsearch, whereas ES 7.10.0 doesn't have this issue.
If we want to go back to 7.10.0, we observed that the Log4j vulnerability is present in that version.
So, how do we resolve this Nexus IQ scan issue?
Please see Security issues | Elastic for these sorts of things:
Users and customers may report any other potential security issues to firstname.lastname@example.org. This address can be used for product security related inquiries or requests about other security topics that are not explicitly mentioned here. We can accept only security issues at this address. Bug reports should be directed to the bug database of the project you're reporting it on or raised to Elastic Support.
The last version of Elasticsearch released under the Apache license was indeed 7.10.2. This is no longer maintained and has not received any security fixes.
If you are not able to use newer versions of Elasticsearch due to the license, I would recommend having a look at OpenSearch, which uses the Apache license. This started out as a fork of Elasticsearch 7.10.2 but is now a completely separate product that requires its own client libraries and is no longer fully compatible with Elasticsearch. Exactly how much you would need to change depends on how you are using and interacting with Elasticsearch.
OpenSearch/OpenDistro are AWS run products and differ from the original Elasticsearch and Kibana products that Elastic builds and maintains. You may need to contact them directly for further assistance.
(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns.)