[BUG] Update aws-java-sdk-s3 to >1.12.261

[chrisdudley]

opensearch 2.1.0 contains com.amazonaws_aws-java-sdk-s3 v1.11.749 which has this security advisory published for it: GHSA-c28r-hw5m-5gv3

CVE-2022-31159

Please can OS bump its use of that plugin to > 1.12.261 to pick up the fix ?

[saratvemulapalli]

Looks like dependencies were upgraded in main by #4047
I tried a backport to 2.x, looks like it fails. We could manually backport it.

[saratvemulapalli]

@kartg looks like a high sev CVE, can we get this to 2.2 ?

[kartg]

@peterzhuamazon have we started building the 2.2 release yet? Or can we get this CVE fix in?

I'll work on the manual backport to 2.x in the meantime.

cc @CEHENKLE

[peterzhuamazon]

@peterzhuamazon have we started building the 2.2 release yet? Or can we get this CVE fix in?

I'll work on the manual backport to 2.x in the meantime.

cc @CEHENKLE

@kartg we have seen some issues in PA/SQL Workbench now so you are safe to backport your change.

Thanks.

[kartg]

Just confirming that we're pulling this upgrade into the 2.2 release. The AWS library has been upgraded to 1.12.270

[chrisdudley]

Thank you!