Security
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-23713
The following issues may affect the functionality of your Liferay DXP, Liferay Enterprise Search environment and your Elastic Stack.
Deployments which might be impacted
- Kibana versions 7.0.0 through 7.17.4
Vulnerability Information
Kibana cross-site-scripting (XSS) issue (ESA-2022-08)
A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser.
Affected Versions:
Versions 7.0.0 through 7.17.4 and 8.0.0 through 8.2.3
Solutions and Mitigations:
The issue is fixed in versions 8.3.0 and 7.17.5.
If you are unable to upgrade, you can disable Vega visualizations:
For on-premise installations, set vis_type_vega.enabled: false (or vega.enabled: false for Kibana versions older than 7.7.0) in the kibana.yml file.
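To check a node against this advisory, the sketch below classifies a Kibana version and its kibana.yml text using the ranges and setting names given above. It is an added example, not code from Liferay or Elastic; the function names and sample configs are constructed, and it assumes the setting is written as a flat dotted key rather than nested YAML.

```python
import re

# Affected ranges as listed in the advisory (inclusive bounds).
AFFECTED = [((7, 0, 0), (7, 17, 4)), ((8, 0, 0), (8, 2, 3))]
KEY_SWITCH = (7, 7, 0)  # older releases use the name vega.enabled

def parse_version(text):
    """Turn '7.17.4' into (7, 17, 4); reject anything that is not x.y.z."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"not an x.y.z version: {text!r}")
    return tuple(int(p) for p in m.groups())

def vega_setting_name(version):
    """Name of the setting that disables Vega for this Kibana version."""
    return "vega.enabled" if version < KEY_SWITCH else "vis_type_vega.enabled"

def flat_settings(kibana_yml):
    """Collect flat 'dotted.key: value' lines, skipping comments and blanks.
    Assumption: the setting is in dotted form, not nested YAML."""
    settings = {}
    for line in kibana_yml.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("'\"").lower()
    return settings

def assess(version_text, kibana_yml):
    """Return 'not_affected' (outside the listed ranges), 'mitigated'
    (Vega disabled with the right setting name) or 'exposed'."""
    version = parse_version(version_text)
    if not any(lo <= version <= hi for lo, hi in AFFECTED):
        return "not_affected"
    name = vega_setting_name(version)
    disabled = flat_settings(kibana_yml).get(name) == "false"
    return "mitigated" if disabled else "exposed"

# Constructed sample configs, not taken from a real deployment.
SAMPLE_NEW_KEY = "server.port: 5601\nvis_type_vega.enabled: false  # ESA-2022-08\n"
SAMPLE_OLD_KEY = "server.port: 5601\nvega.enabled: false\n"

if __name__ == "__main__":
    for ver, cfg in [("7.17.4", SAMPLE_NEW_KEY), ("7.6.2", SAMPLE_NEW_KEY),
                     ("7.6.2", SAMPLE_OLD_KEY), ("8.2.3", ""), ("8.3.0", "")]:
        print(ver, assess(ver, cfg))
```

A 7.6.2 node carrying only vis_type_vega.enabled is reported as exposed, because the advisory names vega.enabled as the setting for versions older than 7.7.0.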
CVSSv3:
6.4 (Medium) - AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CVE ID: CVE-2022-23713
Search Engine Compatibility Matrix
See the Search Engine Compatibility Matrix for detailed Elasticsearch compatibility information, including the compatible connector versions and required patch levels.
Vendor References
https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613
Elastic, Elasticsearch, and X-Pack are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.