Posted to dev@lucene.apache.org by Uwe Schindler <uw...@thetaphi.de> on 2014/08/28 20:54:22 UTC

Re: [Solr Wiki] Update of "ReleaseNote410" by HossMan

Hi Hoss,
Looks OK.

Uwe

On 28 August 2014 20:50:16 CEST, Apache Wiki <wi...@apache.org> wrote:
>Dear Wiki user,
>
>You have subscribed to a wiki page or wiki category on "Solr Wiki" for
>change notification.
>
>The "ReleaseNote410" page has been changed by HossMan:
>https://wiki.apache.org/solr/ReleaseNote410?action=diff&rev1=3&rev2=4
>
>Comment:
>replace details in with summary and existing URL to details
>
>  Solr 4.10.0 Release Highlights:
>  
>  * This release upgrades Solr Cell's (contrib/extraction) dependency
>-   on Apache POI to mitigate the following security problems:
>+   on Apache POI to mitigate 2 security vulnerabilities:
>+     http://s.apache.org/solr-cell-security-notice
>- 
>-   CVE-2014-3529: XML External Entity (XXE) problem in Apache POI's
>-   OpenXML parser
>-   Type: Information disclosure
>-   Description: Apache POI uses Java's XML components to parse OpenXML
>-   files produced by Microsoft Office products (DOCX, XLSX, PPTX,...).
>-   Applications that accept such files from end-users are vulnerable
>to
>-   XML External Entity (XXE) attacks, which allows remote attackers to
>-   bypass security restrictions and read arbitrary files via a crafted
>-   OpenXML document that provides an XML external entity declaration
>-   in conjunction with an entity reference.
>- 
>-   CVE-2014-3574: XML Entity Expansion (XEE) problem in Apache POI's
>-   OpenXML parser
>-   Type: Denial of service
>-   Description: Apache POI uses Java's XML components and Apache
>Xmlbeans
>-   to parse OpenXML files produced by Microsoft Office products (DOCX,
>-   XLSX, PPTX,...). Applications that accept such files from end-users
>-   are vulnerable to XML Entity Expansion (XEE) attacks ("XML bombs"),
>-   which allows remote hackers to consume large amounts of CPU
>resources.
>  
>  * Scripts for starting, stopping, and running Solr examples
>  
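
Review bot: The two added lines under the Solr Cell bullet drop both CVE identifiers (CVE-2014-3529 and CVE-2014-3574) and their impact types. Anyone searching the release notes for either CVE, or trying to tell from the notes whether the problem is information disclosure or denial of service, now has to follow the s.apache.org link. Suggest keeping the identifiers inline, for example "to mitigate 2 security vulnerabilities (CVE-2014-3529, CVE-2014-3574):", and keeping the link for the full descriptions. The bullet also does not say which Apache POI version the upgrade moves to; naming it would let Solr Cell users check their own dependency.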

--
Uwe Schindler
H.-H.-Meier-Allee 63, 28213 Bremen
http://www.thetaphi.de