https://bugzilla.redhat.com/show_bug.cgi?id=1798524
--- Comment #3 from Jason Shepherd jshepherd@redhat.com --- Statement:
OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch's security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we're reducing the impact of this issue to moderate and may fix it in the future release.
[1] https://github.com/elastic/elasticsearch/issues/49396