Elastic Cloud Enterprise 2.13.3

edit

The following changes are included in this release.

Enhancements

edit

Update nimbus-jose-jwt to 9.31. Various fixes and enhancements.

Bump Jackson version to 2.9.10.8. This version brings fixes for a large number of CVEs:

  • "Gadget"-deserialisation-related:

    • CVE-2020-10968
    • CVE-2020-14061
    • CVE-2020-14062
    • CVE-2020-14195
    • CVE-2020-36184
    • CVE-2020-36182
    • CVE-2020-35728
    • CVE-2020-11619
    • CVE-2020-36185
    • CVE-2020-35490
    • GHSA-58pp-9c76-5625
    • CVE-2020-36186
    • CVE-2020-36187
    • GHSA-5949-rw7g-wx7w
    • GHSA-v3xw-c963-f5hc
    • CVE-2020-24616
    • GHSA-r3gr-cxrf-hg25
    • CVE-2020-36188
    • CVE-2020-36180
    • GHSA-95cm-88f5-f2c7
    • CVE-2020-36189
    • CVE-2020-14060
    • CVE-2020-36181
    • CVE-2020-11620
    • CVE-2020-10969
    • CVE-2020-36179
    • CVE-2020-36183
    • CVE-2020-11113
    • GHSA-rpr3-cw39-3pxh
  • XML XXE.