[ https://issues.apache.org/jira/browse/OAK-10769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17838704#comment-17838704 ]

Fabrizio Fortino commented on OAK-10769:
----------------------------------------

Needed to fix the following vulnerability:

* *CVE-2023-4043* in version 1.0.0 (CVSS 7.5 High): In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.

> Bump elasticsearch version to 8.13.2
> ------------------------------------
>
> Key: OAK-10769
> URL: https://issues.apache.org/jira/browse/OAK-10769
> Project: Jackrabbit Oak
> Issue Type: Task
> Components: search, search-elastic
> Reporter: Fabrizio Fortino
> Assignee: Fabrizio Fortino
> Priority: Major
>

--
This message was sent by Atlassian Jira (v8.20.10#820010)
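
The mitigation described in the comment above (a size limit on number tokens and on their scale) can be sketched as follows. This is an added example, not code from Parsson, Jackrabbit Oak or the issue; the class name, method names and both limit values are assumptions chosen for illustration, and it needs Java 11 or later for `String.repeat`.

```java
import java.math.BigDecimal;
import java.math.BigInteger;

public class BoundedJsonNumber {
    // Assumed limits for this example; not taken from Parsson or from the issue.
    static final int MAX_TOKEN_CHARS = 1_000;
    static final int MAX_ABS_SCALE = 10_000;

    /** Parses a JSON number token, rejecting oversized input before any costly work. */
    static BigDecimal parse(String token) {
        // Check the length first: the cost of BigDecimal(String) grows with digit count.
        if (token.length() > MAX_TOKEN_CHARS) {
            throw new NumberFormatException(
                "number token longer than " + MAX_TOKEN_CHARS + " chars");
        }
        return new BigDecimal(token);
    }

    /** Converts to BigInteger only when the scale is bounded. */
    static BigInteger toBigInteger(BigDecimal value) {
        // A tiny token such as 1e1000000000 has scale -1000000000; expanding it
        // would materialise about a billion decimal digits.
        if (Math.abs((long) value.scale()) > MAX_ABS_SCALE) {
            throw new ArithmeticException(
                "scale " + value.scale() + " exceeds " + MAX_ABS_SCALE);
        }
        return value.toBigInteger();
    }

    public static void main(String[] args) {
        // Constructed sample tokens: two ordinary numbers, one with a huge
        // exponent, one with a very long digit run.
        String[] samples = { "42", "1.5e3", "1e1000000000", "9".repeat(5_000) };
        for (String s : samples) {
            String shown = s.length() > 20 ? s.substring(0, 20) + "..." : s;
            try {
                System.out.println(shown + " -> " + toBigInteger(parse(s)));
            } catch (NumberFormatException | ArithmeticException e) {
                System.out.println(shown + " rejected: " + e.getMessage());
            }
        }
    }
}
```

Both checks run before the expensive operation: the length check precedes construction of the `BigDecimal`, and the scale check precedes the conversion to `BigInteger`.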