Search Guard Suite 53.1
Release Date: 2022-03-31
This is a bug fix for a security issue in the DLS implementation of Search Guard.
Security Bug Fixes
Unauthorized access to single attribute values
A flaw was discovered in the DLS implementation where single attributes values could be exposed to a user, even if the user does not have privileges to access documents containing these attribute values.
Note: The flaw only exposed single attribute values, but not whole documents.
Affected Versions:
All Search Guard versions prior to 53.1.0.
Solution:
Update to Search Guard version 53.1.0.