-
Type:
Suggestion
-
Resolution: Fixed
-
Component/s: Search - Bundled
-
0
When using Bitbucket 8.9.18 and Bitbucket 8.19.8 security tools identify a security flag on the bundled opensearch, related to these two CVE's :
CVE-2024-28752 and CVE-2024-29736
Bitbucket 8.19.8 and and 8.9.18 are currently shipping OpenSearch 1.3.18 which uses APACHE CXF 3.5.8.
In order to fix the issue, OpenSearch needs to be bumped to OpenSearch 1.3.19.