Search Guard versions before 21.0 had an timing side channel issue when using the internal user database. References: https://docs.search-guard.com/6.x-21/changelog-searchguard-6-x-21_0 https://search-guard.com/cve-advisory/