Hi all,
pegasystem/search:8.7.0 includes elasticsearch version 5.6.14 which was released in December 2018. Does anyone know why they included such an ancient version? I am not allowed to use this due to security issues. I need to update it to a newer version. What is the best way to do that?
Best regards
Olav
@OlavT694
The following article outlines the supported versions:
Although I cannot give you the reason for the choice of version used in the product I can point you to the following article:
Updating the version of Elasticsearch generally needs more testing and carries some risk which is why there may have been some delay. Note also that Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service.
An enhancement request, FDBK-70833, has been created and our engineers are actively working on updating the ES versions in upcoming releases. I have no further details about the timeframes.
Thanks for your reply. I was not aware of those documents. The first one explains why I wasn’t able to run Search nodetype in the batch tier.
I would have to argue very hard do be allowed to deploy pegasystems/search:8.7.0 (or 8.6.2) into our production cluster. I see that the helm chart for the backingservices has elasticsearch version 7.9.3 as default. This image also has several critical issues, but if I could use 7.16.3, then at least the critical issues are gone…
I hope you can process the enhancement request sooner rather than later.
BRgds
Olav
@OlavT694 I’ve checked with the SME and it has been determined that the developers are no longer working on Embedded ES mode and therefore there are no plans to upgrade the ES version. Instead we suggest to move to the SRS mode – service which is using latest (or one of) ES version (as outlined in the original article)
I hope this answers your question.
Well, yes, but new question arises.
There is no search-n-reporting-service docker image on docker.hub. Do you keep in a restricted area?
BRgds
Olav
@OlavT694 I believe that we have answered your original query about ES versions.
This question relates to the use of Embedded/ Legacy Elasticsearch on Pega 8.7. From 8.6 onwards, recommendation from platform is to use the Search and Reporting service (an independent microservice) that helps to externalize Elasticsearch.
For your concerns regarding log4j vulnerability, please take a look at our official security advisory page & look for Section on Pega Search Functionality
Could you mark this post as ‘Accept Solution’?
You can refer to the backing services helm charts for deploying SRS & we currently support ES 7.10.2
If you have any further Docker hub image question, please could you post this as new Product Question for ‘Cloud Services’ so that the relevant SME can find and answer your query?