Vulnerability in High level client fixed in Elasticsearch 7.11.0, when in OpenSearch?

Vulnerability 1: this async search vulnerability is related to ELv2 Elastic licensed code; not OpenSearch. The async search API was licensed ALv2 but it was removed in PR#10, because the implementation is licensed ELv2.

Vulnerability 2: this Document and Field Level Security vulnerability is in licensed ELv2 code and was removed (along w/ HLRC) in OpenSearch in PR#16

Vulnerability 3: this Document and Field Level Security vulnerability is in licensed ELv2 code and was removed (along w/ HLRC) in OpenSearch in PR#16

1 Like