We are using the elasticsearch/elasticsearch:7.17.8 Docker image.
We are getting a few CVEs reported as high in the vulnerability scanning report.
CVE-2021-31684 -- nimbus-jose-jwt and json-smart
CVE-2020-36518 -- jackson-databind
CVE-2022-3509 -- protobuf-java
CVE-2021-40690 -- xmlsec
CVE-2022-43551 -- ubuntu
CVE-2022-3510 -- protobuf-java
CVE-2022-40152 -- woodstox-core
CVE-2021-37136 -- netty-codec
CVE-2022-41915 -- netty-codec-http
CVE-2020-8908 -- guava
Any suggestions on how to fix these vulnerabilities?
Thank you for your report.
Elastic's security reporting guidelines are available at Security issues | Elastic.
Per those guidelines, all reports of potential security issues or vulnerabilities should be sent via email to firstname.lastname@example.org.
We are unable to discuss potential issues of this nature here. Please send your report to the email address above, where it can be appropriately handled.
Just a note. The version you mentioned is not the latest of the 7.17 series. You should upgrade your version IMHO.
@dadoonet, as per this documentation, Release notes | Elasticsearch Guide [7.17] | Elastic, it seems 7.17.8 is the latest release in the 7.17 series. Could you please point me to it if there is any new release available for the 7.17 series?
@ikakavas, thank you for the reply. I will email email@example.com.
My bad. I misread your post, sorry.