elasticsearch-fips-8
Chainguard
Status
Impact
commons-lang3 cannot be upgraded from 3.17.0 to the fix version 3.18.0 because the upgrade causes tests to fail in elasticsearch-fips-8. The vulnerability exists in the bundled JAR within the Elasticsearch FIPS distribution at /usr/share/elasticsearch/modules/ingest-attachment/commons-lang3-3.17.0.jar. Remediation requires an upstream Elasticsearch release with updated dependencies that pass all tests.