New releases for Siren Federate 6.8.14-10.3.9, 7.6.2-20.2, 7.9.3-21.6 and 7.10.2-22.2 are available today. These releases include a number of performance improvements, bug fixes, and a security fix.
In particular, we have optimized the management of threads during the shuffling phase. This optimization can lead to a significant improvement in response times. In a large scale scenario, we have observed a reduction of response times by up to 3x.
We fixed a bug that had the potential to cause a leak of user information across thread contexts. If a user ran a query concurrently with another more privileged user on the same coordinator node, the search could be executed with higher privileges. This could result in an attacker gaining additional permissions against a restricted index.
For more information, see the following links:
- CVE-2021-28938 (CVE - CVE-2021-28938)
- Release notes for 7.10.2-22.2 (Release notes :: SIREN DOCS)
- Release notes for 7.9.3-21.6 (Release notes :: SIREN DOCS)
- Release notes for 7.6.2-20.2 (Release notes :: SIREN DOCS)
Download it here