We would like to announce security bugfix releases of Elasticsearch 1.5.2 and Elasticsearch 1.4.5, both based on Lucene 4.10.4. You can download them and read the full changes list here:
THESE RELEASES FIX A DIRECTORY TRAVERSAL VULNERABILITY. WE ADVISE ALL USERS TO UPGRADE.
For blog posts about past releases see:
All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch. This vulnerability is not present in the initial installation of Elasticsearch. The vulnerability is exposed when a “site plugin” is installed. Elastic's Marvel plugin and many community-sponsored plugins (e.g. Kopf, BigDesk, Head) are site plugins. Elastic Shield, Licensing, Cloud-AWS, Cloud-GCE, Cloud-Azure, the analysis plugins, and the river plugins are not site plugins.
We have been assigned CVE-2015-3337 for this issue.
Versions 1.5.2 and 1.4.5 have addressed this vulnerability, and we advise all users to upgrade.
Users that do not want to upgrade can address the vulnerability in several ways, but these options will break any site plugin:
- elasticsearch.yml config file on any node with a site plugin, and restart the Elasticsearch node.
- Use a firewall or proxy to block HTTP requests to
- Uninstall all site plugins from all Elasticsearch nodes.
Thanks to John Heasman of DocuSign for reporting this issue.
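To find which nodes meet both conditions described above (a version prior to the fixed releases and at least one site plugin installed), the following added example, which is not code from the Elasticsearch project, triages a saved nodes-info response. It assumes the 1.x nodes-info JSON shape in which each plugin entry carries a boolean `site` field; the function names and the sample data are constructed for illustration.

```python
import json

# First fixed patch level on each release line, taken from the advisory.
FIXED_PATCH = {(1, 4): 5, (1, 5): 2}

def is_affected(version):
    """True if `version` predates the fixed releases (1.4.5 / 1.5.2)."""
    major, minor, patch = (int(p) for p in version.split("-")[0].split(".")[:3])
    if (major, minor) in FIXED_PATCH:
        return patch < FIXED_PATCH[(major, minor)]
    return (major, minor) < (1, 4)  # older release lines are all prior to the fix

def exposed_nodes(nodes_info):
    """Map node name -> site plugin names, for affected nodes with a site plugin."""
    findings = {}
    for node in nodes_info["nodes"].values():
        # Assumption: each plugin entry has a boolean "site" field (1.x format).
        site = sorted(p["name"] for p in node.get("plugins", []) if p.get("site"))
        if site and is_affected(node["version"]):
            findings[node["name"]] = site
    return findings

# Constructed sample; node ids, names and plugin sets are made up.
SAMPLE = json.loads("""
{"nodes": {
  "id1": {"name": "node-a", "version": "1.5.1", "plugins": [
      {"name": "marvel", "site": true, "jvm": true},
      {"name": "cloud-aws", "site": false, "jvm": true}]},
  "id2": {"name": "node-b", "version": "1.5.2", "plugins": [
      {"name": "head", "site": true, "jvm": false}]},
  "id3": {"name": "node-c", "version": "1.4.4", "plugins": [
      {"name": "analysis-icu", "site": false, "jvm": true}]},
  "id4": {"name": "node-d", "version": "1.3.9", "plugins": [
      {"name": "kopf", "site": true, "jvm": false},
      {"name": "bigdesk", "site": true, "jvm": false}]}
}}
""")

if __name__ == "__main__":
    for name, plugins in sorted(exposed_nodes(SAMPLE).items()):
        print(f"{name}: affected version with site plugins {plugins}")
```

Nodes on an affected version with no site plugin (node-c in the sample) are not reported, matching the advisory's statement that the vulnerability is only exposed when a site plugin is installed.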
Other notable changes
- Indexed scripts and templates are properly removed from the cache when overwritten or deleted.
- There have been a number of geo-shape fixes, including an important precision fix when using
- Default mappings in index templates are now taken into account during bulk indexing.
- Shadow replicas are now more resilient to file system latency, and support smoother relocation of the primary shard.
- A mapping refresh loop when using geo-contexts in the completion suggester has been fixed.
Some important changes have been back-ported to v1.4.5:
- Merges are enabled on the recovering shard for faster recovery of big shards.
- Graceful handling of truncated translogs.
- Throttling of delete-by-query when merges are falling behind.