Update ES version to 7.16.2

2025-03-03 10:43:10 +00:00 · 2021-12-22 13:53:34 +02:00 · 2021-12-22 13:53:34 +02:00 · 1502e02a1a
commit 1502e02a1a
parent d0e2313a24
3 changed files with 7 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -25,7 +25,7 @@ due to Elasticsearch’s usage of the Java Security Manager.

 **As the latest version of ClearML Server uses Elasticsearch 7.10+ with JDK15, it is not affected by these vulnerabilities.**

-As a precaution, we've added the mitigation recommended by ElasticSearch to our latest [docker-compose.yml](https://github.com/allegroai/clearml-server/blob/cfccbe05c158b75e520581f86e9668291da5c70a/docker/docker-compose.yml#L42) file.
+As a precaution, we've upgraded the ES version to 7.16.2 and added the mitigation recommended by ElasticSearch to our latest [docker-compose.yml](https://github.com/allegroai/clearml-server/blob/cfccbe05c158b75e520581f86e9668291da5c70a/docker/docker-compose.yml#L42) file.

 While previous Elasticsearch versions (5.6.11+, 6.4.0+ and 7.0.0+) used by older ClearML Server versions are only susceptible to the information leakage vulnerability
 (which in any case **does not permit access to data within the Elasticsearch cluster**), 
@ -35,6 +35,8 @@ we still recommend upgrading to the latest version of ClearML Server. Alternativ
 **Update 15 December**: A further vulnerability (CVE-2021-45046) was disclosed on December 14th.
 ElasticSearch's guidance for Elasticsearch remains unchanged by this new vulnerability, thus **not affecting ClearML Server**.

+**Update 22 December**: To keep with ElasticSearch's recommendations, we've upgraded the ES version to the newly released 7.16.2
+
 ---

 ## ClearML Server
--- a/docker/docker-compose-win10.yml
+++ b/docker/docker-compose-win10.yml
@ -39,7 +39,7 @@ services:
      - backend
    container_name: clearml-elastic
    environment:
-      ES_JAVA_OPTS: -Xms2g -Xmx2g
+      ES_JAVA_OPTS: -Xms2g -Xmx2g -Dlog4j2.formatMsgNoLookups=true
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
      bootstrap.memory_lock: "true"
      cluster.name: clearml
@ -62,7 +62,7 @@ services:
      nofile:
        soft: 65536
        hard: 65536
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.16.2
    restart: unless-stopped
    volumes:
      - c:/opt/clearml/data/elastic_7:/usr/share/elasticsearch/data
@ -126,4 +126,4 @@ networks:
    driver: bridge
  frontend:
    name: frontend
-    driver: bridge
+    driver: bridge
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@ -62,7 +62,7 @@ services:
      nofile:
        soft: 65536
        hard: 65536
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.16.2
    restart: unless-stopped
    volumes:
      - /opt/clearml/data/elastic_7:/usr/share/elasticsearch/data