<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:28:51 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-3535] Upgrade bitnami/elasticsearch:7.10.2</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-3535</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;&lt;a href=&quot;https://github.com/folio-org/folio-ansible/blob/2f835c17933ebf9529038d121f9b73237a57c94c/roles/elasticsearch/defaults/main.yml&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/folio-ansible/blob/2f835c17933ebf9529038d121f9b73237a57c94c/roles/elasticsearch/defaults/main.yml&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;sets&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
elasticsearch_version: 7.10.2
elasticsearch_image: docker.io/bitnami/elasticsearch
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;The version 7.10 has reached end of life on 2022-05-11: &lt;a href=&quot;https://www.elastic.co/support/eol&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://www.elastic.co/support/eol&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Docker Hub reports that the container has the Log4Shell vulnerability: &lt;a href=&quot;https://hub.docker.com/layers/elasticsearch/bitnami/elasticsearch/7.10.2/images/sha256-73128f92f1d370b782a32928c569772bd7563d54b39b0a11d27269ae4494c593?context=explore&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://hub.docker.com/layers/elasticsearch/bitnami/elasticsearch/7.10.2/images/sha256-73128f92f1d370b782a32928c569772bd7563d54b39b0a11d27269ae4494c593?context=explore&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Snyk reports that the container has many vulnerable packages, the most severe issues are&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;&lt;a href=&quot;https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-2933515&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-2933515&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-2807585&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-2807585&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-2433934&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-2433934&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-2388381&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-2388381&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;elasticsearch 7.10 is the last version under Apache 2.0 license. Later versions have a proprietary license.&lt;/p&gt;

&lt;p&gt;The mod-search module has switched the server used to test against from elasticsearch to the fork opensearch that remains under Apache 2.0 license (
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MSEARCH-357&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MSEARCH-357&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;OpenSearch fixing Elasticsearch XSS, DoS, Missing Authorization, Information Exposure&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            MSEARCH-357
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
): &lt;a href=&quot;https://github.com/folio-org/mod-search/blob/master/docker/elasticsearch/Dockerfile&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/mod-search/blob/eda45253d6cc7eb42b968ce0a8fe0193ed967b52/docker/opensearch/Dockerfile&lt;/a&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="79739">FOLIO-3535</key>
            <summary>Upgrade bitnami/elasticsearch:7.10.2</summary>
                <type id="10003" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium">Task</type>
                                            <priority id="10001" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p2.svg">P2</priority>
                        <status id="1" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/open.png" description="The issue is open and ready for the assignee to start work on it.">Open</status>
                    <statusCategory id="2" key="new" colorName="blue-gray"/>
                                    <resolution id="-1">Unresolved</resolution>
                                                        <assignee accountid="-1">Unassigned</assignee>
                                                                <reporter accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</reporter>
                                    <labels>
                            <label>reviewed</label>
                            <label>security</label>
                            <label>security-reviewed</label>
                    </labels>
                <created>Wed, 6 Jul 2022 15:51:28 +0000</created>
                <updated>Thu, 18 Jan 2024 16:38:12 +0000</updated>
                                                                            <component>Continuous Integration</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>2</watches>
                                                                <comments>
                                                            <comment id="189845" author="5cf6c546b87c300f36eb7b9a" created="Thu, 7 Jul 2022 15:22:30 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ade4eac47-6d4e-4b50-9c3c-4a82ed705e52&quot; class=&quot;user-hover&quot; rel=&quot;557058:de4eac47-6d4e-4b50-9c3c-4a82ed705e52&quot; data-account-id=&quot;557058:de4eac47-6d4e-4b50-9c3c-4a82ed705e52&quot; accountid=&quot;557058:de4eac47-6d4e-4b50-9c3c-4a82ed705e52&quot; rel=&quot;noreferrer&quot;&gt;Taras Spashchenko&lt;/a&gt; / &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5ac3364f7ddadd4a9df5cfc0&quot; class=&quot;user-hover&quot; rel=&quot;5ac3364f7ddadd4a9df5cfc0&quot; data-account-id=&quot;5ac3364f7ddadd4a9df5cfc0&quot; accountid=&quot;5ac3364f7ddadd4a9df5cfc0&quot; rel=&quot;noreferrer&quot;&gt;oleksandr_haimanov&lt;/a&gt; the Security team wanted to make sure this was on the Kitfox radar.  If it can&apos;t be done in this sprint, that&apos;s OK, but it should be done soon&lt;/p&gt;</comment>
                                                            <comment id="189847" author="5ee89462f7aa140abd82d11d" created="Fri, 9 Sep 2022 16:05:58 +0000"  >&lt;p&gt;As of today this is the list of search engines versions that the vendors endorse for production use:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;Elasticsearch 7.17.6&lt;/li&gt;
	&lt;li&gt;Elasticsearch 8.4.1&lt;/li&gt;
	&lt;li&gt;OpenSearch 1.3.5&lt;/li&gt;
	&lt;li&gt;OpenSearch 2.2.1&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;For details see&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;&lt;a href=&quot;https://www.elastic.co/support/eol#elasticsearch&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://www.elastic.co/support/eol#elasticsearch&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://www.elastic.co/support_policy#7&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://www.elastic.co/support_policy#7&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://opensearch.org/releases.html#maintenance-policy&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://opensearch.org/releases.html#maintenance-policy&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://opensearch.org/lines/1x.html&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://opensearch.org/lines/1x.html&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://opensearch.org/lines/2x.html&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://opensearch.org/lines/2x.html&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                                                            <comment id="189848" author="5ee89462f7aa140abd82d11d" created="Fri, 16 Sep 2022 11:04:03 +0000"  >&lt;p&gt;Volodymyr Kartsev wrote:&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;We discussed with the team &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-3535&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/browse/FOLIO-3535&lt;/a&gt; and it looks like responsibilities of Snapshot envs and pipelines is not in scope of responsibilities of Kitfox team.&lt;br/&gt;
Please, discuss it with your team and assign the ticket to appropriate member.&lt;/p&gt;&lt;/blockquote&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="29001">MSEARCH-357</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10155"><![CDATA[FOLIO DevOps]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|hzx1ar:i</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="609">Kitfox: sprint 146</customfieldvalue>
    <customfieldvalue id="1897">DevOps Requests</customfieldvalue>
    <customfieldvalue id="236">Kitfox: sprint 165</customfieldvalue>
    <customfieldvalue id="1836">Kitfox: sprint 145</customfieldvalue>
    <customfieldvalue id="1839">Kitfox: sprint 148</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10044" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>Story Points</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 7 Jul 2022 15:22:30 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>