potential security leaks due to outdated dependencies

[Pankraz76]

Elasticsearch Version

CI

Installed Plugins

No response

Java Version

CI

OS Version

CI

Problem Description

Assuming some projects deliver security patches—not to mention features or other fixes—most large projects rely on some kind of automation (like Dependabot or Renovate) to update their dependencies and address potential vulnerabilities, bugs, and issues.

However, this is often treated as a QA concern that many people neglect, arguing that developing new features is more important. Some would argue its potentially an security topic having top priority.

Just wanted to point out that libraries last updated in 2022 are considered outdated by some.

Steps to Reproduce

Logs (if relevant)

No response

[DaveCTurner]

Thank you for your report.

Elastic's security reporting guidelines are available at https://www.elastic.co/community/security. Per those guidelines, all reports of potential security issues or vulnerabilities should be sent via email to security@elastic.co

We are unable to discuss potential issues of this nature here. Please send your report to the email address above, where it can be appropriately handled.