https://access.redhat.com/security/cve/CVE-2021-43527 was made public on December 1 and is included in the Elasticsearch Docker images we release.
Unfortunately per https://hub.docker.com/_/elasticsearch the supported images are not compatible with the extra plugins we use. Using a later images isn't an option. Running updates at build time does also not resolve the problem. It is also unclear to me how serious this issue is in terms of Elasticsearch running, maybe it's not even affected (however NSS seems like it would be used by many components)
- roll a custom image based on something else. The 6.5.4 images doesn't look that complicated
- Start looking at something other than elasticsearch, but i guess it's very unclear how much of a drop-in solution this new OpenSearch alternative is?
Bump ElasticSearch to 6.8 or higher?Not possible because org.wikimedia.search:extra plugins are only available for 6.5.4