[
https://issues.apache.org/jira/browse/NIFI-11686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17734347#comment-17734347
]
Chris Sampson commented on NIFI-11686:
--------------------------------------
As noted within the pom, such an upgrade will likely break connectivity to
non-Elastic based Elasticsearch services (e.g. AWS OpenSearch).
What CVE are you attempting to mitigate with this change and does it really
impact this library (as opposed to the elasticsearch server, which nifi doesn't
use)?
If updating the the client library is necessary, why only to 7.17.10 instead of
the latest 8.8.1?
> Update elasticsearch.client.version to 7.17.10
> ----------------------------------------------
>
> Key: NIFI-11686
> URL: https://issues.apache.org/jira/browse/NIFI-11686
> Project: Apache NiFi
> Issue Type: Improvement
> Affects Versions: 1.22.0
> Reporter: Mike R
> Assignee: Jeyassri Balachandran
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Update elasticsearch.client.version to 7.17.10
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
