Vulnerabilities in docker image elasticsearch/elasticsearch:7.17.8


we are using elasticsearch/elasticsearch:7.17.8 docker image.
We are getting few CVEs reported as high with the vulnerabilities scanning report.

CVE-2021-31684 -- nimbus-jose-jwt and json-smart
CVE-2020-36518 -- jackson-databind
CVE-2022-3509 -- protobuf-java
CVE-2021-40690 -- xmlsec
CVE-2022-43551 -- ubuntu
CVE-2022-3510 -- protobuf-java
CVE-2022-40152 -- woodstox-core
CVE-2021-37136 -- netty-codec
CVE-2022-41915 -- netty-codec-http
CVE-2020-8908 -- guava

Any suggestions how to fix these vulnerabilities ?

Thank you for your report.

Elastic's security reporting guidelines are available at Security issues | Elastic.

Per those guidelines, all reports of potential security issues or vulnerabilities should be sent via email to

We are unable to discuss potential issues of this nature here. Please send your report to the email address above, where it can be appropriately handled.

Just a note. The version you mentioned is not the latest of the 7.17 series. You should upgrade your version IMHO.

@dadoonet, as per this documentation Release notes | Elasticsearch Guide [7.17] | Elastic, seems 7.17.8 is the latest release on 7.17 series. Could you please help in point me if there is any new release available for 7.17 series.


@ikakavas, Thank you for the reply. I will email to

My bad. I misread your post sorry.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.