Skip to content

Commit

Permalink
Remove xmlsec deletion (DataBiosphere/azul-private#107, DataBiosphere…
Browse files Browse the repository at this point in the history 
…/azul#6570)

xmlsec was updated to 2.2.6 in elasticsearch 7.17.24, and no longer has the CVE-2021-40690 vulnerability that xmlsec 2.1.4 had
  • Loading branch information
@dsotirho-ucsc
dsotirho-ucsc committed Sep 17, 2024
1 parent 86d38b8 commit c7234ed
Showing 1 changed file with 0 additions and 3 deletions.
3 changes: 0 additions & 3 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,6 @@ ARG azul_docker_elasticsearch_internal_version

RUN apt-get update && apt-get upgrade -y

# https://nvd.nist.gov/vuln/detail/CVE-2021-40690
RUN rm /usr/share/elasticsearch/modules/x-pack-{identity-provider,security}/xmlsec-2.1.4.jar

# https://nvd.nist.gov/vuln/detail/CVE-2023-1370
RUN rm /usr/share/elasticsearch/modules/x-pack-security/nimbus-jose-jwt-9.23.jar

Expand Down

0 comments on commit c7234ed

Please sign in to comment.