Will there be a new release of 6.x version mitigating CVE-2020-7018


The CVE-2020-7018 has a fix in 7.9.0 version and the fix for users who couldn't update to this version is specified here Enterprise Search 7.9.0 security update

I wanted to know if there will be a new release fixing CVE-2020-7018 in 6.x version or the solution provided in the above link is the final one. If there is a release of 6.x version, when it will be released.


Hello Manjunath,

There is no 6.x version of Enterprise search.

CVE-2020-7018 affects Elastic Enterprise Search, not the Elastic Stack (which there is a 6.x version). If you are running Elastic Stack 6.x you do not need to take any actions for this particular vulnerability.

1 Like