You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@lucene.apache.org by Apache Wiki <wi...@apache.org> on 2014/04/21 07:06:14 UTC

[Solr Wiki] Update of "SolrHeartbleed" by ShawnHeisey

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Solr Wiki" for change notification.

The "SolrHeartbleed" page has been changed by ShawnHeisey:
https://wiki.apache.org/solr/SolrHeartbleed

Comment:
Initial page creation

New page:
<<TableOfContents>>

= Solr and Heartbleed =

(./) Solr is not directly vulnerable to the Heartbleed exploit, a security vulnerability in specific versions of OpenSSL.

Solr itself contains no SSL code.  It runs in a java servlet container.  The two most common choices for servlet container are Jetty and Tomcat.  Both of these use the implementation of SSL built into Java, not OpenSSL.  It is likely that *all* servlet containers will use the Java implementation.

/!\ There may be vulnerabilities in third-party software that gets used with Solr, even though Solr itself is not vulnerable.  This would include proxy software and proxy hardware.