Search Guard Suite 52.3
Release Date: 2021-09-16
This is a bug fix release for Search Guard 52.
enable_start_tls option for ldap authcz module
The enable_start_tls option of the ldap authcz module was unreliable in earlier versions of Search Guard: If the ldap authcz module was configured with enable_start_tls: true, it would not upgrade the connection to TLS in some cases. If the LDAP server also accepted commands over unencrypted connections, this would have caused user names and passwords to be transmitted over unencrypted connections between an Elasticsearch node running Search Guard and the LDAP server. If the LDAP server refused commands over unencrypted connections, authentication would just fail.