Security

Voltar para Security Alert

Elasticsearch and Liferay Enterprise Search Security Advisory: April 28, 2021

Elasticsearch Insertion of Sensitive Information into Log File (ESA-2023-29, CVE-2023-49921)

The following issues may affect the functionality of your Liferay DXP, Liferay Enterprise Search environment and your Elastic Stack.

https://discuss.elastic.co/t/elasticsearch-8-11-2-7-17-16-security-update-esa-2023-29/349179

Kibana Insertion of Sensitive Information into Log File (ESA-2023-27, CVE-2023-46675)

https://discuss.elastic.co/t/kibana-8-11-2-7-17-16-security-update-esa-2023-27/349182

Additional Information

Liferay's out-of-the-box features are not using Elasticsearch's X-Pack alerts and Watcher affected by CVE-2023-49921.

Search Engine Compatibility

As usual, Liferay recommends to its customers to upgrade their production Elastic stack to the latest available and compatible release of 7.x/8.x. Reference the information here

Deployments which might be impacted for the detailed Elasticsearch compatibility including the compatible connector versions and required update/patch levels.