Release v. Next #252
Comments
There weren't really any substantive changes, were there? Are you looking for a specific fix that was made? On this note we could use a CHANGELOG like https://github.com/opensearch-project/opensearch-py/blob/main/CHANGELOG.md, maybe you'd be interested in contributing one so we can see easily what is ready to be released?
Hi, can you build a new docker image (https://hub.docker.com/r/opensearchproject/logstash-oss-with-opensearch-output-plugin) based on the latest LOGSTASH_VERSION (https://www.docker.elastic.co/r/logstash/logstash-oss)?
Hey @dblock, there are currently 237 CVEs in the most recent image, which was last pushed 10 months ago:

Scanned for vulnerabilities [237 vulnerability matches]
├── by severity: 3 critical, 25 high, 116 medium, 75 low, 9 negligible (9 unknown)
└── by status: 147 fixed, 90 not-fixed, 0 ignored
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
amqp-client 5.16.0 5.18.0 java-archive GHSA-mm8h-8587-p46h Medium
avro 1.11.0 1.11.3 java-archive GHSA-rhrv-645h-fjfh High
bcpkix-jdk18on 1.71 1.73 java-archive GHSA-wjxj-5m7g-mg7q Medium
bcpkix-jdk18on 1.71 1.78 java-archive GHSA-v435-xc8x-wvr9 Medium
bcpkix-jdk18on 1.71 1.78 java-archive GHSA-m44j-cfrm-g8qc Medium
bcpkix-jdk18on 1.71 1.78 java-archive GHSA-8xfc-gm6g-vgpv Medium
bcprov-jdk18on 1.71 1.73 java-archive GHSA-wjxj-5m7g-mg7q Medium
bcprov-jdk18on 1.71 1.78 java-archive GHSA-v435-xc8x-wvr9 Medium
bcprov-jdk18on 1.71 1.78 java-archive GHSA-m44j-cfrm-g8qc Medium
bcprov-jdk18on 1.71 1.74 java-archive GHSA-hr8g-6v94-x4m9 Medium
bcprov-jdk18on 1.71 1.78 java-archive GHSA-8xfc-gm6g-vgpv Medium
bcprov-jdk18on 1.71 1.78 java-archive GHSA-4h8f-2wvx-gg5w Low
bctls-jdk18on 1.71 1.78 java-archive GHSA-v435-xc8x-wvr9 Medium
bctls-jdk18on 1.71 1.78 java-archive GHSA-m44j-cfrm-g8qc Medium
bctls-jdk18on 1.71 1.78 java-archive GHSA-8xfc-gm6g-vgpv Medium
bsdutils 1:2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.5 deb CVE-2024-28085 Medium
commons-io 2.2 2.7 java-archive GHSA-gwrp-pvrq-jmwv Medium
coreutils 8.30-3ubuntu2 deb CVE-2016-2781 Low
curl 7.68.0-1ubuntu2.18 7.68.0-1ubuntu2.22 deb CVE-2024-2398 Medium
curl 7.68.0-1ubuntu2.18 7.68.0-1ubuntu2.21 deb CVE-2023-46218 Medium
curl 7.68.0-1ubuntu2.18 7.68.0-1ubuntu2.20 deb CVE-2023-38546 Low
curl 7.68.0-1ubuntu2.18 7.68.0-1ubuntu2.19 deb CVE-2023-28322 Low
curl 7.68.0-1ubuntu2.18 7.68.0-1ubuntu2.19 deb CVE-2023-28321 Low
fdisk 2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.5 deb CVE-2024-28085 Medium
gpgv 2.2.19-3ubuntu2.2 deb CVE-2022-3219 Low
guava 18.0 24.1.1-android java-archive GHSA-mvr2-9pj6-7w5j Medium
guava 18.0 32.0.0-android java-archive GHSA-7g45-4rm6-3mm3 Medium
guava 18.0 32.0.0-android java-archive GHSA-5mg8-w23w-74h3 Low
guava 31.1-jre 32.0.0-android java-archive GHSA-7g45-4rm6-3mm3 Medium
guava 31.1-jre 32.0.0-android java-archive GHSA-5mg8-w23w-74h3 Low
httpclient 4.3.5 4.3.6 java-archive GHSA-fmj5-wv96-r2ch Medium
httpclient 4.3.5 4.5.13 java-archive GHSA-7r82-7xv7-xcpj Medium
java/jdk 17.0.7+7 binary CVE-2024-20952 High
java/jdk 17.0.7+7 binary CVE-2024-20932 High
java/jdk 17.0.7+7 binary CVE-2024-20918 High
java/jdk 17.0.7+7 binary CVE-2023-25193 High
java/jdk 17.0.7+7 binary CVE-2024-20945 Medium
java/jdk 17.0.7+7 binary CVE-2024-20921 Medium
java/jdk 17.0.7+7 binary CVE-2024-20919 Medium
java/jdk 17.0.7+7 binary CVE-2024-21094 Low
java/jdk 17.0.7+7 binary CVE-2024-21068 Low
java/jdk 17.0.7+7 binary CVE-2024-21012 Low
java/jdk 17.0.7+7 binary CVE-2024-21011 Low
java/jdk 17.0.7+7 binary CVE-2023-22049 Low
java/jdk 17.0.7+7 binary CVE-2023-22045 Low
java/jdk 17.0.7+7 binary CVE-2023-22044 Low
java/jdk 17.0.7+7 binary CVE-2023-22036 Low
java/jdk 17.0.7+7 binary CVE-2023-22006 Low
java/jre 17.0.7+7 binary CVE-2024-20952 High
java/jre 17.0.7+7 binary CVE-2024-20932 High
java/jre 17.0.7+7 binary CVE-2024-20918 High
java/jre 17.0.7+7 binary CVE-2023-25193 High
java/jre 17.0.7+7 binary CVE-2024-20945 Medium
java/jre 17.0.7+7 binary CVE-2024-20921 Medium
java/jre 17.0.7+7 binary CVE-2024-20919 Medium
java/jre 17.0.7+7 binary CVE-2023-22041 Medium
java/jre 17.0.7+7 binary CVE-2024-21094 Low
java/jre 17.0.7+7 binary CVE-2024-21068 Low
java/jre 17.0.7+7 binary CVE-2024-21012 Low
java/jre 17.0.7+7 binary CVE-2024-21011 Low
jersey-common 2.33 2.34 java-archive GHSA-c43q-5hpj-4crv Medium
jsoup 1.7.2 1.14.2 java-archive GHSA-m72m-mhq2-9p6c High
jsoup 1.7.2 1.15.3 java-archive GHSA-gp7f-rwcx-9369 Medium
jsoup 1.7.2 1.8.3 java-archive GHSA-48rh-qgjr-xfj6 Medium
krb5-locales 1.17-6ubuntu4.3 deb CVE-2024-26462 Medium
krb5-locales 1.17-6ubuntu4.3 1.17-6ubuntu4.4 deb CVE-2023-36054 Medium
krb5-locales 1.17-6ubuntu4.3 deb CVE-2024-26461 Low
krb5-locales 1.17-6ubuntu4.3 deb CVE-2024-26458 Negligible
libblkid1 2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.5 deb CVE-2024-28085 Medium
libc-bin 2.31-0ubuntu9.9 2.31-0ubuntu9.16 deb CVE-2024-33602 Medium
libc-bin 2.31-0ubuntu9.9 2.31-0ubuntu9.16 deb CVE-2024-33601 Medium
libc-bin 2.31-0ubuntu9.9 2.31-0ubuntu9.16 deb CVE-2024-33600 Medium
libc-bin 2.31-0ubuntu9.9 2.31-0ubuntu9.16 deb CVE-2024-33599 Medium
libc-bin 2.31-0ubuntu9.9 2.31-0ubuntu9.15 deb CVE-2024-2961 Medium
libc-bin 2.31-0ubuntu9.9 2.31-0ubuntu9.14 deb CVE-2023-4813 Low
libc-bin 2.31-0ubuntu9.9 2.31-0ubuntu9.14 deb CVE-2023-4806 Low
libc-bin 2.31-0ubuntu9.9 deb CVE-2016-20013 Negligible
libc6 2.31-0ubuntu9.9 2.31-0ubuntu9.16 deb CVE-2024-33602 Medium
libc6 2.31-0ubuntu9.9 2.31-0ubuntu9.16 deb CVE-2024-33601 Medium
libc6 2.31-0ubuntu9.9 2.31-0ubuntu9.16 deb CVE-2024-33600 Medium
libc6 2.31-0ubuntu9.9 2.31-0ubuntu9.16 deb CVE-2024-33599 Medium
libc6 2.31-0ubuntu9.9 2.31-0ubuntu9.15 deb CVE-2024-2961 Medium
libc6 2.31-0ubuntu9.9 2.31-0ubuntu9.14 deb CVE-2023-4813 Low
libc6 2.31-0ubuntu9.9 2.31-0ubuntu9.14 deb CVE-2023-4806 Low
libc6 2.31-0ubuntu9.9 deb CVE-2016-20013 Negligible
libcurl4 7.68.0-1ubuntu2.18 7.68.0-1ubuntu2.22 deb CVE-2024-2398 Medium
libcurl4 7.68.0-1ubuntu2.18 7.68.0-1ubuntu2.21 deb CVE-2023-46218 Medium
libcurl4 7.68.0-1ubuntu2.18 7.68.0-1ubuntu2.20 deb CVE-2023-38546 Low
libcurl4 7.68.0-1ubuntu2.18 7.68.0-1ubuntu2.19 deb CVE-2023-28322 Low
libcurl4 7.68.0-1ubuntu2.18 7.68.0-1ubuntu2.19 deb CVE-2023-28321 Low
libfdisk1 2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.5 deb CVE-2024-28085 Medium
libgcrypt20 1.8.5-5ubuntu1.1 deb CVE-2024-2236 Medium
libgnutls30 3.6.13-2ubuntu1.8 3.6.13-2ubuntu1.11 deb CVE-2024-28834 Medium
libgnutls30 3.6.13-2ubuntu1.8 3.6.13-2ubuntu1.10 deb CVE-2024-0553 Medium
libgnutls30 3.6.13-2ubuntu1.8 3.6.13-2ubuntu1.9 deb CVE-2023-5981 Medium
libgssapi-krb5-2 1.17-6ubuntu4.3 deb CVE-2024-26462 Medium
libgssapi-krb5-2 1.17-6ubuntu4.3 1.17-6ubuntu4.4 deb CVE-2023-36054 Medium
libgssapi-krb5-2 1.17-6ubuntu4.3 deb CVE-2024-26461 Low
libgssapi-krb5-2 1.17-6ubuntu4.3 deb CVE-2024-26458 Negligible
libk5crypto3 1.17-6ubuntu4.3 deb CVE-2024-26462 Medium
libk5crypto3 1.17-6ubuntu4.3 1.17-6ubuntu4.4 deb CVE-2023-36054 Medium
libk5crypto3 1.17-6ubuntu4.3 deb CVE-2024-26461 Low
libk5crypto3 1.17-6ubuntu4.3 deb CVE-2024-26458 Negligible
libkrb5-3 1.17-6ubuntu4.3 deb CVE-2024-26462 Medium
libkrb5-3 1.17-6ubuntu4.3 1.17-6ubuntu4.4 deb CVE-2023-36054 Medium
libkrb5-3 1.17-6ubuntu4.3 deb CVE-2024-26461 Low
libkrb5-3 1.17-6ubuntu4.3 deb CVE-2024-26458 Negligible
libkrb5support0 1.17-6ubuntu4.3 deb CVE-2024-26462 Medium
libkrb5support0 1.17-6ubuntu4.3 1.17-6ubuntu4.4 deb CVE-2023-36054 Medium
libkrb5support0 1.17-6ubuntu4.3 deb CVE-2024-26461 Low
libkrb5support0 1.17-6ubuntu4.3 deb CVE-2024-26458 Negligible
libldap-2.4-2 2.4.49+dfsg-2ubuntu1.9 2.4.49+dfsg-2ubuntu1.10 deb CVE-2023-2953 Low
libldap-common 2.4.49+dfsg-2ubuntu1.9 2.4.49+dfsg-2ubuntu1.10 deb CVE-2023-2953 Low
liblzma5 5.2.4-1ubuntu1.1 deb CVE-2020-22916 Medium
libmount1 2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.5 deb CVE-2024-28085 Medium
libncurses6 6.2-0ubuntu2.1 deb CVE-2023-50495 Low
libncurses6 6.2-0ubuntu2.1 deb CVE-2023-45918 Low
libncursesw6 6.2-0ubuntu2.1 deb CVE-2023-50495 Low
libncursesw6 6.2-0ubuntu2.1 deb CVE-2023-45918 Low
libnghttp2-14 1.40.0-1ubuntu0.1 1.40.0-1ubuntu0.3 deb CVE-2024-28182 Medium
libnghttp2-14 1.40.0-1ubuntu0.1 1.40.0-1ubuntu0.2 deb CVE-2023-44487 Medium
libpam-modules 1.3.1-5ubuntu4.6 1.3.1-5ubuntu4.7 deb CVE-2024-22365 Medium
libpam-modules-bin 1.3.1-5ubuntu4.6 1.3.1-5ubuntu4.7 deb CVE-2024-22365 Medium
libpam-runtime 1.3.1-5ubuntu4.6 1.3.1-5ubuntu4.7 deb CVE-2024-22365 Medium
libpam0g 1.3.1-5ubuntu4.6 1.3.1-5ubuntu4.7 deb CVE-2024-22365 Medium
libpcre3 2:8.39-12ubuntu0.1 deb CVE-2017-11164 Negligible
libprocps8 2:3.3.16-1ubuntu2.3 2:3.3.16-1ubuntu2.4 deb CVE-2023-4016 Low
libsmartcols1 2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.5 deb CVE-2024-28085 Medium
libsqlite3-0 3.31.1-4ubuntu0.5 3.31.1-4ubuntu0.6 deb CVE-2023-7104 Medium
libssh-4 0.9.3-2ubuntu2.3 0.9.3-2ubuntu2.5 deb CVE-2023-6918 Medium
libssh-4 0.9.3-2ubuntu2.3 0.9.3-2ubuntu2.5 deb CVE-2023-6004 Medium
libssh-4 0.9.3-2ubuntu2.3 0.9.3-2ubuntu2.4 deb CVE-2023-48795 Medium
libssl1.1 1.1.1f-1ubuntu2.19 deb CVE-2024-4741 Low
libssl1.1 1.1.1f-1ubuntu2.19 deb CVE-2024-2511 Low
libssl1.1 1.1.1f-1ubuntu2.19 1.1.1f-1ubuntu2.21 deb CVE-2024-0727 Low
libssl1.1 1.1.1f-1ubuntu2.19 1.1.1f-1ubuntu2.21 deb CVE-2023-5678 Low
libssl1.1 1.1.1f-1ubuntu2.19 1.1.1f-1ubuntu2.20 deb CVE-2023-3817 Low
libssl1.1 1.1.1f-1ubuntu2.19 1.1.1f-1ubuntu2.20 deb CVE-2023-3446 Low
libsystemd0 245.4-4ubuntu3.22 deb CVE-2023-7008 Low
libsystemd0 245.4-4ubuntu3.22 deb CVE-2023-26604 Low
libtinfo6 6.2-0ubuntu2.1 deb CVE-2023-50495 Low
libtinfo6 6.2-0ubuntu2.1 deb CVE-2023-45918 Low
libudev1 245.4-4ubuntu3.22 deb CVE-2023-7008 Low
libudev1 245.4-4ubuntu3.22 deb CVE-2023-26604 Low
libuuid1 2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.5 deb CVE-2024-28085 Medium
locales 2.31-0ubuntu9.9 2.31-0ubuntu9.16 deb CVE-2024-33602 Medium
locales 2.31-0ubuntu9.9 2.31-0ubuntu9.16 deb CVE-2024-33601 Medium
locales 2.31-0ubuntu9.9 2.31-0ubuntu9.16 deb CVE-2024-33600 Medium
locales 2.31-0ubuntu9.9 2.31-0ubuntu9.16 deb CVE-2024-33599 Medium
locales 2.31-0ubuntu9.9 2.31-0ubuntu9.15 deb CVE-2024-2961 Medium
locales 2.31-0ubuntu9.9 2.31-0ubuntu9.14 deb CVE-2023-4813 Low
locales 2.31-0ubuntu9.9 2.31-0ubuntu9.14 deb CVE-2023-4806 Low
locales 2.31-0ubuntu9.9 deb CVE-2016-20013 Negligible
login 1:4.8.1-1ubuntu5.20.04.4 1:4.8.1-1ubuntu5.20.04.5 deb CVE-2023-4641 Low
login 1:4.8.1-1ubuntu5.20.04.4 deb CVE-2023-29383 Low
login 1:4.8.1-1ubuntu5.20.04.4 deb CVE-2013-4235 Low
maven-compat 3.3.9 3.8.1 java-archive GHSA-2f88-5hg8-9x2x Critical
maven-core 3.3.9 3.8.1 java-archive GHSA-2f88-5hg8-9x2x Critical
mount 2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.5 deb CVE-2024-28085 Medium
ncurses-base 6.2-0ubuntu2.1 deb CVE-2023-50495 Low
ncurses-base 6.2-0ubuntu2.1 deb CVE-2023-45918 Low
ncurses-bin 6.2-0ubuntu2.1 deb CVE-2023-50495 Low
ncurses-bin 6.2-0ubuntu2.1 deb CVE-2023-45918 Low
netty-codec-http 4.1.94.Final 4.1.108.Final java-archive GHSA-5jpm-x58v-624v Medium
nokogiri 1.13.10 1.15.6 gem GHSA-xc9x-jj77-9p9j Medium
nokogiri 1.13.10 1.15.6 gem GHSA-vcc3-rw6f-jv97 Medium
nokogiri 1.13.10 1.14.3 gem GHSA-pxvg-2qj5-37jq Medium
nokogiri 1.13.10 1.16.5 gem GHSA-r95h-9x8f-r3f7 Low
openssl 1.1.1f-1ubuntu2.19 deb CVE-2024-4741 Low
openssl 1.1.1f-1ubuntu2.19 deb CVE-2024-2511 Low
openssl 1.1.1f-1ubuntu2.19 1.1.1f-1ubuntu2.21 deb CVE-2024-0727 Low
openssl 1.1.1f-1ubuntu2.19 1.1.1f-1ubuntu2.21 deb CVE-2023-5678 Low
openssl 1.1.1f-1ubuntu2.19 1.1.1f-1ubuntu2.20 deb CVE-2023-3817 Low
openssl 1.1.1f-1ubuntu2.19 1.1.1f-1ubuntu2.20 deb CVE-2023-3446 Low
passwd 1:4.8.1-1ubuntu5.20.04.4 1:4.8.1-1ubuntu5.20.04.5 deb CVE-2023-4641 Low
passwd 1:4.8.1-1ubuntu5.20.04.4 deb CVE-2023-29383 Low
passwd 1:4.8.1-1ubuntu5.20.04.4 deb CVE-2013-4235 Low
perl-base 5.30.0-9ubuntu0.4 5.30.0-9ubuntu0.5 deb CVE-2023-47038 Medium
plexus-utils 3.0.22 3.0.24 java-archive GHSA-g6ph-x5wf-g337 High
plexus-utils 3.0.22 3.0.24 java-archive GHSA-jcwr-x25h-x5fh Medium
procps 2:3.3.16-1ubuntu2.3 2:3.3.16-1ubuntu2.4 deb CVE-2023-4016 Low
puma 5.6.6 5.6.7 gem GHSA-68xg-gqqm-vgj8 Critical
puma 5.6.6 5.6.8 gem GHSA-c2f4-cvqm-65w2 Medium
rack 2.2.7 2.2.8.1 gem GHSA-22f2-v57c-j9cx Medium
rack 2.2.7 2.2.8.1 gem GHSA-xj5v-6v4g-jfw6 Low
rack 2.2.7 2.2.8.1 gem GHSA-54rr-7fvw-6x8f Low
rdoc 6.3.3 6.3.4.1 gem GHSA-592j-995h-p23j High
rexml 3.2.5 3.2.7 gem GHSA-vg3r-rm7w-2xgh Medium
snakeyaml 1.33 2.0 java-archive GHSA-mjmj-j48q-9wg2 High
snappy-java 1.1.0.1 1.1.10.1 java-archive GHSA-qcwq-55hx-v3vh High
snappy-java 1.1.0.1 1.1.10.4 java-archive GHSA-55g7-9cwv-5qfv High
snappy-java 1.1.0.1 1.1.10.1 java-archive GHSA-pqr6-cmr2-h8hf Medium
snappy-java 1.1.0.1 1.1.10.1 java-archive GHSA-fjpj-2g6w-x25r Medium
snappy-java 1.1.8.4 1.1.10.1 java-archive GHSA-qcwq-55hx-v3vh High
snappy-java 1.1.8.4 1.1.10.4 java-archive GHSA-55g7-9cwv-5qfv High
snappy-java 1.1.8.4 1.1.10.1 java-archive GHSA-pqr6-cmr2-h8hf Medium
snappy-java 1.1.8.4 1.1.10.1 java-archive GHSA-fjpj-2g6w-x25r Medium
stdlib go1.20.6 go-module CVE-2023-45285 High
stdlib go1.20.6 go-module CVE-2023-44487 High
stdlib go1.20.6 go-module CVE-2023-39325 High
stdlib go1.20.6 go-module CVE-2023-39323 High
stdlib go1.20.6 go-module CVE-2023-39326 Medium
stdlib go1.20.6 go-module CVE-2023-39319 Medium
stdlib go1.20.6 go-module CVE-2023-39318 Medium
stdlib go1.20.6 go-module CVE-2023-29409 Medium
stdlib go1.20.6 go-module CVE-2024-24790 Unknown
stdlib go1.20.6 go-module CVE-2024-24789 Unknown
stdlib go1.20.6 go-module CVE-2024-24787 Unknown
stdlib go1.20.6 go-module CVE-2024-24785 Unknown
stdlib go1.20.6 go-module CVE-2024-24784 Unknown
stdlib go1.20.6 go-module CVE-2024-24783 Unknown
stdlib go1.20.6 go-module CVE-2023-45290 Unknown
stdlib go1.20.6 go-module CVE-2023-45289 Unknown
stdlib go1.20.6 go-module CVE-2023-45288 Unknown
tar 1.30+dfsg-7ubuntu0.20.04.3 1.30+dfsg-7ubuntu0.20.04.4 deb CVE-2023-39804 Medium
util-linux 2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.5 deb CVE-2024-28085 Medium
xalan 2.7.2 2.7.3 java-archive GHSA-9339-86wc-4qgf High
A newer version of grype is available for download: 0.78.0 (installed version is 0.77.4)

A lot of these look like they'd be remediated by rebuilding the image. Given there has been some activity in the repo as well as a long time since the last release / build cut, it'd be great to cut for that reason, or periodically re-trigger a re-build of the image.
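An added example, not part of the thread or of the project's code: one way to check how much of a scan table like the one quoted above a plain image rebuild could address. It parses the flattened rows (the FIXED-IN column is sometimes empty) and sorts them with a hypothetical triage rule; the bucket names and the rule itself are assumptions of this example.

```python
from collections import Counter

# Constructed sample: seven rows copied from the scan output quoted above.
SAMPLE = """\
curl 7.68.0-1ubuntu2.18 7.68.0-1ubuntu2.22 deb CVE-2024-2398 Medium
coreutils 8.30-3ubuntu2 deb CVE-2016-2781 Low
libc6 2.31-0ubuntu9.9 2.31-0ubuntu9.15 deb CVE-2024-2961 Medium
java/jdk 17.0.7+7 binary CVE-2024-20952 High
puma 5.6.6 5.6.7 gem GHSA-68xg-gqqm-vgj8 Critical
maven-core 3.3.9 3.8.1 java-archive GHSA-2f88-5hg8-9x2x Critical
stdlib go1.20.6 go-module CVE-2023-45285 High
"""

# Package types that appear in the TYPE column of the quoted table.
TYPES = {"deb", "java-archive", "gem", "binary", "go-module"}


def parse_row(line):
    """Parse one whitespace-flattened row; the FIXED-IN column may be empty."""
    fields = line.split()
    if len(fields) == 6:
        name, installed, fixed, pkg_type, vuln, severity = fields
    elif len(fields) == 5:
        name, installed, pkg_type, vuln, severity = fields
        fixed = None
    else:
        raise ValueError(f"unexpected column count: {line!r}")
    if pkg_type not in TYPES:
        raise ValueError(f"unknown package type: {line!r}")
    return {"name": name, "installed": installed, "fixed": fixed,
            "type": pkg_type, "vuln": vuln, "severity": severity}


def bucket(row):
    """Hypothetical triage rule (an assumption of this example, not the thread's)."""
    if row["fixed"] is None:
        return "no-fix-listed"        # the scanner reports no fixed version
    if row["type"] == "deb":
        return "image-rebuild"        # patched distro package already published
    return "bundled-dependency"       # jar/gem shipped inside Logstash or a plugin


def triage(text):
    """Count findings per bucket for a block of table rows."""
    rows = [parse_row(line) for line in text.splitlines() if line.strip()]
    return Counter(bucket(row) for row in rows)


if __name__ == "__main__":
    for name, count in triage(SAMPLE).most_common():
        print(f"{name}: {count}")
```

Rows in the `bundled-dependency` bucket only change when the Logstash release or plugin that ships them moves to a newer version, so a rebuild on the same `LOGSTASH_VERSION` would leave them in place.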
There was a discussion on this in #230, which says we're not planning to make any new docker releases (cc: @dlvenable). But we should talk about it again. Maybe someone can help add automation for it in opensearch-build?
Closing in favor of #230.
Hi there,
The last release tag was cut back in Aug 2023. Since then there's been quite a few commits. Any plans to cut a new release tag to pick up these changes?