Merge pull request #2237 from hongwei1/feature/fixedVulnerability

refactor/vornerability - snakeyaml and commons-compress

obp-api/pom.xml

@@ -209,7 +209,7 @@
     <dependency>
       <groupId>org.elasticsearch</groupId>
       <artifactId>elasticsearch</artifactId>
-      <version>7.17.1</version>
+      <version>8.8.1</version>
     </dependency>
     <!-- https://mvnrepository.com/artifact/com.sksamuel.elastic4s/elastic4s-client-esjava -->
     <dependency>
@@ -260,6 +260,11 @@
       <artifactId>avro4s-core_${scala.version}</artifactId>
       <version>${avro.version}</version>
     </dependency>
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-compress</artifactId>
+      <version>1.23.0</version>
+    </dependency>
     <dependency>
       <groupId>com.twitter</groupId>
       <artifactId>chill-akka_${scala.version}</artifactId>

obp-api/src/main/scala/code/search/search.scala

@@ -17,8 +17,6 @@ import net.liftweb.json
 import net.liftweb.json.JsonAST
 import net.liftweb.json.JsonAST._
 import net.liftweb.util.Helpers
-import org.elasticsearch.common.settings.Settings
-
 import scala.concurrent.Await
 import scala.concurrent.duration.Duration
 import scala.util.control.NoStackTrace
@@ -303,7 +301,8 @@ class elasticsearchWarehouse extends elasticsearch {
   val props = ElasticProperties(s"http://$esHost:${esPortTCP.toInt}")
   var client: ElasticClient = null
   if (APIUtil.getPropsAsBoolValue("allow_elasticsearch", false) && APIUtil.getPropsAsBoolValue("allow_elasticsearch_warehouse", false) ) {
-    val settings = Settings.builder().put("cluster.name", APIUtil.getPropsValue("es.cluster.name", "elasticsearch")).build()
+    //this is not used in the current code, first comment to solve the vulnerability issue 
+    // val settings = Settings.builder().put("cluster.name", APIUtil.getPropsValue("es.cluster.name", "elasticsearch")).build()
     client = ElasticClient(JavaClient(props))
   }
 }