PyPi: Opensearch-Py

CVE-2022-23491

Transitive

Safety vulnerability ID: 60040

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Dec 07, 2022 Updated at Aug 22, 2024

Advisory

Opensearch-py 2.3.0 updates its dependency 'certifi' to version '2022.12.07' to include a fix for a vulnerability.
https://github.com/opensearch-project/opensearch-py/pull/295

Affected package

opensearch-py

Latest version: 2.7.1

Python client for OpenSearch

Affected versions

Fixed versions

Vulnerability changelog

Added
- Added async support for helpers that are merged from opensearch-dsl-py ([329](https://github.com/opensearch-project/opensearch-py/pull/329))
- Added search.md to guides ([356](https://github.com/opensearch-project/opensearch-py/pull/356))
- Added index lifecycle guide ([362](https://github.com/opensearch-project/opensearch-py/pull/362))
- Added point in time APIs to the pyi files in sync and async client ([378](https://github.com/opensearch-project/opensearch-py/pull/378))
- Added MacOS and Windows CI workflows ([390](https://github.com/opensearch-project/opensearch-py/pull/390))
- Added support for the security plugin ([399](https://github.com/opensearch-project/opensearch-py/pull/399))
- Supports OpenSearch 2.1.0 - 2.6.0 ([381](https://github.com/opensearch-project/opensearch-py/pull/381))
- Added `allow_redirects` to `RequestsHttpConnection.perform_request` ([401](https://github.com/opensearch-project/opensearch-py/pull/401))
- Enhanced YAML test runner to use OpenSearch `rest-api-spec` YAML tests ([414](https://github.com/opensearch-project/opensearch-py/pull/414))
- Added `Search.collapse` ([409](https://github.com/opensearch-project/opensearch-py/issues/409))
- Added support for the ISM API ([398](https://github.com/opensearch-project/opensearch-py/pull/398))
- Added `trust_env` to `AIOHttpConnection` ([438](https://github.com/opensearch-project/opensearch-py/pull/438))
- Added support for latest OpenSearch versions 2.7.0, 2.8.0 ([445](https://github.com/opensearch-project/opensearch-py/pull/445))
- Added samples ([447](https://github.com/opensearch-project/opensearch-py/pull/447))
- Improved CI performance of integration with unreleased OpenSearch ([318](https://github.com/opensearch-project/opensearch-py/pull/318))
- Added k-NN guide and samples ([449](https://github.com/opensearch-project/opensearch-py/pull/449))
- Added the ability to run tests matching a pattern to `.ci/run-tests` ([454](https://github.com/opensearch-project/opensearch-py/pull/454))
Changed
- Moved security from `plugins` to `clients` ([442](https://github.com/opensearch-project/opensearch-py/pull/442))
- Updated Security Client APIs ([450](https://github.com/opensearch-project/opensearch-py/pull/450))
Deprecated
Removed
- Removed support for Python 2.7 ([421](https://github.com/opensearch-project/opensearch-py/pull/421))
Fixed
- Fixed flaky CI tests by replacing httpbin with a simple http_server ([395](https://github.com/opensearch-project/opensearch-py/pull/395))
- Fixed import cycle when importing async helpers ([311](https://github.com/opensearch-project/opensearch-py/pull/311))
- Fixed `make docs` with sphinx ([433](https://github.com/opensearch-project/opensearch-py/pull/433))
- Fixed user guide for async client ([340](https://github.com/opensearch-project/opensearch-py/pull/340))
- Include parsed error info in `TransportError` in async connections ([226](https://github.com/opensearch-project/opensearch-py/pull/226))
- Enhanced existing API generator to use OpenSearch OpenAPI spec ([412](https://github.com/opensearch-project/opensearch-py/pull/412))
- Fix crash when attempting to authenticate with an async connection ([424](https://github.com/opensearch-project/opensearch-py/pull/424))
Security
- Fixed CVE-2022-23491 reported in opensearch-dsl-py ([295](https://github.com/opensearch-project/opensearch-py/pull/295))
Dependencies
- Bumps `pytest-asyncio` to 0.21.0 ([339](https://github.com/opensearch-project/opensearch-py/pull/339))
- Bumps `sphinx` from <1.7 to <7.1
- Bumps `pytest-asyncio` from <=0.21.0 to <=0.21.1

Resources


Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
- Attack Vector (AV): NETWORK
- Attack Complexity (AC): LOW
- Privileges Required (PR): NONE
- User Interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality Impact (C): NONE
- Integrity Impact (I): HIGH
- Availability Impact (A): NONE