The following issues may affect your Liferay-Elastic stack.

Vulnerability Information

Elasticsearch Uncaught Exception (CVE-2024-23449, ESA-2024-05)

Refer to https://discuss.elastic.co/t/elasticsearch-8-11-1-security-update-esa-2024-05/356458 for details and mitigation.

Additional Information

Liferay's out-of-the-box features are not using Elasticsearch's attachment processor.

Search Engine Compatibility

As usual, Liferay recommends to its customers to upgrade their production Elastic stack to the latest available and compatible release of 7.x/8.x. Reference the information here for the detailed Elasticsearch compatibility including the compatible connector versions and required update/patch levels.

---

• Elastic, Elasticsearch, and X-Pack are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.