Hi,
The CVE-2020-7018 has a fix in 7.9.0 version and the fix for users who couldn't update to this version is specified here Enterprise Search 7.9.0 security update
I wanted to know if there will be a new release fixing CVE-2020-7018 in 6.x version or the solution provided in the above link is the final one. If there is a release of 6.x version, when it will be released.
Regards,
Manjunath
Hello Manjunath,
There is no 6.x version of Enterprise search.
CVE-2020-7018 affects Elastic Enterprise Search, not the Elastic Stack (which there is a 6.x version). If you are running Elastic Stack 6.x you do not need to take any actions for this particular vulnerability.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.