Remove xmlsec deletion (DataBiosphere/azul-private#107, DataBiosphere/azul#6570)

dsotirho-ucsc · dsotirho-ucsc · commit c7234edf75f5 · 2024-09-17T12:50:56.000-07:00
xmlsec was updated to 2.2.6 in elasticsearch 7.17.24, and no longer has the CVE-2021-40690 vulnerability that xmlsec 2.1.4 had
diff --git a/Dockerfile b/Dockerfile
@@ -6,9 +6,6 @@ ARG azul_docker_elasticsearch_internal_version
 
 RUN apt-get update && apt-get upgrade -y
 
-# https://nvd.nist.gov/vuln/detail/CVE-2021-40690
-RUN rm /usr/share/elasticsearch/modules/x-pack-{identity-provider,security}/xmlsec-2.1.4.jar
-
 # https://nvd.nist.gov/vuln/detail/CVE-2023-1370
 RUN rm /usr/share/elasticsearch/modules/x-pack-security/nimbus-jose-jwt-9.23.jar
 
