Elasticsearch has released versions 1.5.2 and 1.4.5 to address a critical directory traversal vulnerability, which allows attackers to access files on servers with installed site plugins. This vulnerability, identified as CVE-2015-3337, does not affect the core installation but is triggered by site plugins like Marvel and others, with the fix requiring users to upgrade or disable site plugins. Noteworthy improvements in these releases include enhanced handling of indexed scripts and templates, geo-shape precision fixes, better shadow replica resilience, and important back-ported changes to version 1.4.5 for faster shard recovery and improved translog handling. Users are encouraged to upgrade and share feedback on their experiences via Twitter or GitHub.