Posted to dev@lucene.apache.org by Uwe Schindler <uw...@thetaphi.de> on 2014/08/28 20:54:22 UTC
Re: [Solr Wiki] Update of "ReleaseNote410" by HossMan
Hi Hoss,
Looks OK.
Uwe
On 28 August 2014 20:50:16 CEST, Apache Wiki <wi...@apache.org> wrote:
>Dear Wiki user,
>
>You have subscribed to a wiki page or wiki category on "Solr Wiki" for
>change notification.
>
>The "ReleaseNote410" page has been changed by HossMan:
>https://wiki.apache.org/solr/ReleaseNote410?action=diff&rev1=3&rev2=4
>
>Comment:
>replace details in with summary and existing URL to details
>
> Solr 4.10.0 Release Highlights:
>
> * This release upgrades Solr Cell's (contrib/extraction) dependency
>- on Apache POI to mitigate the following security problems:
>+ on Apache POI to mitigate 2 security vulnerabilities:
>+ http://s.apache.org/solr-cell-security-notice
>-
>- CVE-2014-3529: XML External Entity (XXE) problem in Apache POI's
>- OpenXML parser
>- Type: Information disclosure
>- Description: Apache POI uses Java's XML components to parse OpenXML
>- files produced by Microsoft Office products (DOCX, XLSX, PPTX,...).
>- Applications that accept such files from end-users are vulnerable
>to
>- XML External Entity (XXE) attacks, which allows remote attackers to
>- bypass security restrictions and read arbitrary files via a crafted
>- OpenXML document that provides an XML external entity declaration
>- in conjunction with an entity reference.
>-
>- CVE-2014-3574: XML Entity Expansion (XEE) problem in Apache POI's
>- OpenXML parser
>- Type: Denial of service
>- Description: Apache POI uses Java's XML components and Apache
>Xmlbeans
>- to parse OpenXML files produced by Microsoft Office products (DOCX,
>- XLSX, PPTX,...). Applications that accept such files from end-users
>- are vulnerable to XML Entity Expansion (XEE) attacks ("XML bombs"),
>- which allows remote hackers to consume large amounts of CPU
>resources.
>
> * Scripts for starting, stopping, and running Solr examples
>
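Review bot: the new summary line ("on Apache POI to mitigate 2 security vulnerabilities:") no longer names CVE-2014-3529 or CVE-2014-3574, so a reader searching the release notes by CVE id will not match this page and has to follow the s.apache.org link to learn which issues the POI upgrade addresses. Consider keeping the two identifiers inline, for example "to mitigate 2 security vulnerabilities (CVE-2014-3529, CVE-2014-3574):", optionally with the one-word impact each removed entry carried under "Type:" (information disclosure, denial of service), so users of Solr Cell can judge urgency without leaving the page. The full descriptions can still live behind the link.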
--
Uwe Schindler
H.-H.-Meier-Allee 63, 28213 Bremen
http://www.thetaphi.de