elasticsearch-fips-9
Chainguard
Status
Impact
commons-lang3 cannot be upgraded from 3.17.0 to the fix version 3.18.0 because the upgrade causes tests to fail in elasticsearch-fips-9. The vulnerable library is bundled as JARs within the Elasticsearch FIPS distribution at /usr/share/elasticsearch/modules/ingest-attachment/commons-lang3-3.17.0.jar and /usr/share/elasticsearch/modules/x-pack-ent-search/commons-lang3-3.9.jar. Remediation requires an upstream Elasticsearch release with updated dependencies that pass all tests.