You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@solr.apache.org by "Bierenfeld Michael (BayWa München-Zentrale)" <Mi...@baywa.de> on 2022/10/18 13:14:59 UTC

CVE-2022-42889

Hi,

solr uses this library in affected Versions. Are there any plans for Updates to apache-commons >= 1.10.0 ?

Regards

Michael

Re: CVE-2022-42889

Posted by Markus Jelsma <ma...@openindex.io>.

Probably, yes.

But see:
https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools

Op wo 9 nov. 2022 om 08:17 schreef HariBabu kuruva <
hari2708.kuruva@gmail.com>:

> Hi All,
>
> We are using solr-8.11.1 ,  Currently we have commons-text-1.6.jar, shall i
> replace it with commons-text-1.10.0.jar and restart the application? Will
> that work ?
>
> Please help.
>
> On Wed, Oct 19, 2022 at 3:28 PM Markus Jelsma <ma...@openindex.io>
> wrote:
>
> > Yes, it is already being done:
> > https://issues.apache.org/jira/browse/SOLR-16464
> >
> > Op wo 19 okt. 2022 om 05:51 schreef Bierenfeld Michael (BayWa
> > München-Zentrale) <Mi...@baywa.de>:
> >
> > > Hi,
> > >
> > > solr uses this library in affected Versions. Are there any plans for
> > > Updates to apache-commons >= 1.10.0 ?
> > >
> > > Regards
> > >
> > > Michael
> > >
> >
>
>
> --
>
> Thanks and Regards,
>  Hari
> Mobile:9790756568
>

Re: CVE-2022-42889

Posted by HariBabu kuruva <ha...@gmail.com>.

Hi All,

We are using solr-8.11.1 ,  Currently we have commons-text-1.6.jar, shall i
replace it with commons-text-1.10.0.jar and restart the application? Will
that work ?

Please help.

On Wed, Oct 19, 2022 at 3:28 PM Markus Jelsma <ma...@openindex.io>
wrote:

> Yes, it is already being done:
> https://issues.apache.org/jira/browse/SOLR-16464
>
> Op wo 19 okt. 2022 om 05:51 schreef Bierenfeld Michael (BayWa
> München-Zentrale) <Mi...@baywa.de>:
>
> > Hi,
> >
> > solr uses this library in affected Versions. Are there any plans for
> > Updates to apache-commons >= 1.10.0 ?
> >
> > Regards
> >
> > Michael
> >
>

-- 

Thanks and Regards,
 Hari
Mobile:9790756568

Re: CVE-2022-42889

Posted by Markus Jelsma <ma...@openindex.io>.

Yes, it is already being done:
https://issues.apache.org/jira/browse/SOLR-16464

Op wo 19 okt. 2022 om 05:51 schreef Bierenfeld Michael (BayWa
München-Zentrale) <Mi...@baywa.de>:

> Hi,
>
> solr uses this library in affected Versions. Are there any plans for
> Updates to apache-commons >= 1.10.0 ?
>
> Regards
>
> Michael
>