The following issues may affect your Liferay-Elastic stack.

Vulnerability Information

Elasticsearch Insertion of Sensitive Information into Log File (ESA-2023-29, CVE-2023-49921)

https://discuss.elastic.co/t/elasticsearch-8-11-2-7-17-16-security-update-esa-2023-29/349179

Kibana Insertion of Sensitive Information into Log File (ESA-2023-27, CVE-2023-46675)

https://discuss.elastic.co/t/kibana-8-11-2-7-17-16-security-update-esa-2023-27/349182

Additional Information

Liferay's out-of-the-box features are not using Elasticsearch's X-Pack alerts and Watcher affected by CVE-2023-49921.

Search Engine Compatibility

As usual, Liferay recommends to its customers to upgrade their production Elastic stack to the latest available and compatible release of 7.x/8.x. Reference the information here for the detailed Elasticsearch compatibility including the compatible connector versions and required update/patch levels.

---

• Elastic, Elasticsearch, and X-Pack are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.