Changelog for Search Guard 7.x-41.0.0

Release Date: 05.05.2020

Features

Fixes

  • Signals: Broken InternalAuthTokenProvider due to all nodes believing they are master on startup
    • During Signals startup, under certain circumstances, more than one node may start to create Signals indices
    • This has no runtime impact, but leads to exceptions in the logs
    • Tracking number: SGD-225

  • Signals: Painless whitelist and Mustache map attributes disagree about the structure of SeverityMapping.EvaluationResult
    • Tracking number: SGD-452

  • Signals: Monthly trigger allows only to configure the day of month 1 to 12
    • Tracking number: SGD-449

  • Update Jackson Databind
    • Jackson reports a security vulnerability which affects jackson-databind-2.8.11.1
    • Search Guard is not affected by this vulnerability:
      • No direct input from untrusted sources, no polymorphic type deserialisation, not use of “gadget types” in JSON POJOs
    • Jackson has been upgraded nonetheless in Search Guard and the TLS Tool

Security Fixes

  • n/a