Update ES version to 7.16.2

allegroai 2021-12-22 13:53:34 +02:00
parent d0e2313a24
commit 1502e02a1a
3 changed files with 7 additions and 5 deletions

View File

@ -25,7 +25,7 @@ due to Elasticsearchs usage of the Java Security Manager.
**As the latest version of ClearML Server uses Elasticsearch 7.10+ with JDK15, it is not affected by these vulnerabilities.** **As the latest version of ClearML Server uses Elasticsearch 7.10+ with JDK15, it is not affected by these vulnerabilities.**
As a precaution, we've added the mitigation recommended by ElasticSearch to our latest [docker-compose.yml](https://github.com/allegroai/clearml-server/blob/cfccbe05c158b75e520581f86e9668291da5c70a/docker/docker-compose.yml#L42) file. As a precaution, we've upgraded the ES version to 7.16.2 and added the mitigation recommended by ElasticSearch to our latest [docker-compose.yml](https://github.com/allegroai/clearml-server/blob/cfccbe05c158b75e520581f86e9668291da5c70a/docker/docker-compose.yml#L42) file.
While previous Elasticsearch versions (5.6.11+, 6.4.0+ and 7.0.0+) used by older ClearML Server versions are only susceptible to the information leakage vulnerability While previous Elasticsearch versions (5.6.11+, 6.4.0+ and 7.0.0+) used by older ClearML Server versions are only susceptible to the information leakage vulnerability
(which in any case **does not permit access to data within the Elasticsearch cluster**), (which in any case **does not permit access to data within the Elasticsearch cluster**),
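Review bot: the docker-compose.yml link on the changed line is still pinned to commit cfccbe05c158b75e520581f86e9668291da5c70a at #L42, so readers who follow it see the file as it was before this commit, not the 7.16.2 image the sentence now announces. Point the link at the branch head or at a commit that contains the upgrade. The unchanged sentence above it, "uses Elasticsearch 7.10+ with JDK15", should also be rechecked against the 7.16.2 image.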
@ -35,6 +35,8 @@ we still recommend upgrading to the latest version of ClearML Server. Alternativ
**Update 15 December**: A further vulnerability (CVE-2021-45046) was disclosed on December 14th. **Update 15 December**: A further vulnerability (CVE-2021-45046) was disclosed on December 14th.
ElasticSearch's guidance for Elasticsearch remains unchanged by this new vulnerability, thus **not affecting ClearML Server**. ElasticSearch's guidance for Elasticsearch remains unchanged by this new vulnerability, thus **not affecting ClearML Server**.
**Update 22 December**: To keep with ElasticSearch's recommendations, we've upgraded the ES version to the newly released 7.16.2
--- ---
## ClearML Server ## ClearML Server
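Review bot: the new "Update 22 December" entry does not tell operators of an existing deployment what to do to get 7.16.2. A short instruction (fetch the updated docker-compose.yml and recreate the Elasticsearch container) would make it actionable. The sentence is also missing its final period, unlike the 15 December entry.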

View File

@ -39,7 +39,7 @@ services:
- backend - backend
container_name: clearml-elastic container_name: clearml-elastic
environment: environment:
ES_JAVA_OPTS: -Xms2g -Xmx2g ES_JAVA_OPTS: -Xms2g -Xmx2g -Dlog4j2.formatMsgNoLookups=true
ELASTIC_PASSWORD: ${ELASTIC_PASSWORD} ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
bootstrap.memory_lock: "true" bootstrap.memory_lock: "true"
cluster.name: clearml cluster.name: clearml
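Review bot: the commit title covers only the version bump, but the `ES_JAVA_OPTS` line here also gains `-Dlog4j2.formatMsgNoLookups=true`. Mention the flag in the commit message, or split it into its own commit, so the mitigation can be found in history.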
@ -62,7 +62,7 @@ services:
nofile: nofile:
soft: 65536 soft: 65536
hard: 65536 hard: 65536
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2 image: docker.elastic.co/elasticsearch/elasticsearch:7.16.2
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- c:/opt/clearml/data/elastic_7:/usr/share/elasticsearch/data - c:/opt/clearml/data/elastic_7:/usr/share/elasticsearch/data
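Review bot: the image moves from 7.10.2 to 7.16.2 while the volume below still mounts the same `elastic_7` data directory, so the first start on 7.16.2 upgrades the existing data in place, and Elasticsearch does not support downgrading afterwards. The README should tell users to back up `c:/opt/clearml/data/elastic_7` before pulling the new image.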
@ -126,4 +126,4 @@ networks:
driver: bridge driver: bridge
frontend: frontend:
name: frontend name: frontend
driver: bridge driver: bridge
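Review bot: both sides of this hunk read identically, so the change to the final `driver: bridge` line is presumably whitespace or an end-of-file newline. It is unrelated to the version bump, so confirm it was intended.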

View File

@ -62,7 +62,7 @@ services:
nofile: nofile:
soft: 65536 soft: 65536
hard: 65536 hard: 65536
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2 image: docker.elastic.co/elasticsearch/elasticsearch:7.16.2
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /opt/clearml/data/elastic_7:/usr/share/elasticsearch/data - /opt/clearml/data/elastic_7:/usr/share/elasticsearch/data
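Review bot: this compose file receives only the image bump; unlike the other compose file in this commit, there is no hunk touching `ES_JAVA_OPTS`. Confirm that this file already carries `-Dlog4j2.formatMsgNoLookups=true`, so that both deployment variants ship the same mitigation.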