Zelin Hao

After researching, we can't upgrade spring libraries without upgrading jenkins core version and potential JDK upgrade. Explicitly upgrading will cause compatibility issue.

This spring library is introduced by jenkins core 2.426.3. https://mvnrepository.com/artifact/org.jenkins-ci.main/jenkins-core/2.426.3 We could fix all spring related CVEs by manually upgrade [org.springframework.security](https://mvnrepository.com/artifact/org.springframework.security) » [spring-security-web](https://mvnrepository.com/artifact/org.springframework.security/spring-security-web) to 6.3.3.

After researching, we can't upgrade spring libraries without upgrading jenkins core version and potential JDK upgrade. Explicitly upgrading will cause compatibility issue.

Maybe we should transfer this issue to OpenSearch repo since this is regarding of the gradle check workflow in that repo?

Native plugin installation works for opensearch-3.0.0-alpha1 ``` ~/opensearch-3.0.0-alpha1 ./bin/opensearch-plugin install repository-s3 -> Installing repository-s3 -> Downloading repository-s3 from opensearch [=================================================] 100% @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: plugin requires additional permissions @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@...

Manually marked this dependency as ignored until our further investigation.

Seems like index management plugins failed on 4 out of 6 our integ tests on the same test. `Test class org.opensearch.indexmanagement.transform.TransformRunnerIT`

@martin-gaievski @heemin32 Do we have any plan to onboard this one? We are targeting this to be onboarded for 3.0.0.

I will wait until OpenSearch 3.1.0 officially release on June 24th to proceed with this PR.

> [@zelinh](https://github.com/zelinh) is this a requirement for a plugin that added to distribution recently? In particular I'm talking about https://github.com/opensearch-project/search-relevance, there is no separate GH issue for that repo Yes....