[BSERV-19605] Opensearch Apache CXF - Create and track feature requests for Atlassian products.

Type: Suggestion
Resolution: Fixed
Fix Version/s: 8.9.19, 8.19.9
Component/s: Search - Bundled
Labels:

UIS:
0
Feedback Policy:

We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

When using Bitbucket 8.9.18 and Bitbucket 8.19.8 security tools identify a security flag on the bundled opensearch, related to these two CVE's :

CVE-2024-28752 and CVE-2024-29736

Bitbucket 8.19.8 and and 8.9.18 are currently shipping OpenSearch 1.3.18 which uses APACHE CXF 3.5.8.

In order to fix the issue, OpenSearch needs to be bumped to OpenSearch 1.3.19.

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: Samuel de Azevedo Dias

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 04/Sep/2024 2:25 PM

Updated:: 15/Sep/2024 10:00 AM

Resolved:: 10/Sep/2024 7:41 AM