[elasticsearch] [Security] information disclosure (CVE-2021-22137 CVE-2021-22135 CVE-2021-22134)
Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
Looking at the CVE details, all three of these CVEs are pertaining to Document and Field Level Security, which is only present in the non-OSS release.
If FS#70388 is fixed so that Arch Linux distributes the OSS release of 7.10.x, then these CVEs would not be a problem.