Netty project 4.1.69 version present in readonlyrest-1.35.1_es7.10.0.zip is vulnerable

Hi,

As per NVD, the netty project 4.1.69 version present in readonlyrest-1.35.1_es7.10.0.zip is vulnerable.

Vulnerability Link:

  1. NVD - CVE-2021-43797

Please look into this.

@Sagarika thanks for your report. It was fixed in ROR 1.37.0 (Download (UNIVERSAL) - ReadonlyREST)

Could you please let me know which Netty version is in ROR 1.37.0?

We’ve just released ROR 1.38.0. It uses Netty 4.1.72.

Thanks! Please clarify what ES version(s) are supported by ROR 1.38.0.
On the download link, this is not obvious at the moment.

@toomas11 when you pick Free Elasticsearch Plugin from the Select Product selector, you should be able to see all supported versions.

ROR supports ES starting from 6.0.0.
