You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@lucene.apache.org by Apache Wiki <wi...@apache.org> on 2018/04/08 18:45:02 UTC

[Solr Wiki] Update of "SolrSecurity" by UweSchindler

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Solr Wiki" for change notification.

The "SolrSecurity" page has been changed by UweSchindler:
https://wiki.apache.org/solr/SolrSecurity?action=diff&rev1=48&rev2=49

Comment:
CVE-2018-1308: XXE attack through DIH's dataConfig request parameter

  
  == Security announcements ==
  
+  * 2018-04-08: CVE-2018-1308: XXE attack through DIH's dataConfig request parameter
   * 2017-10-26: CVE-2016-6809 – Arbitrary Code Execution Vulnerability in Apache Tika’s MATLAB Parser bundled with Apache Solr
   * [[http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E|2017-10-18: CVE-2017-12629: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE)]]
   * [[http://mail-archives.us.apache.org/mod_mbox/www-announce/201709.mbox/%3CCAOOKt53AOScg04zUh0%2BR_fcXD0C9s5mQ-OzdgYdnHz49u1KmXw@mail.gmail.com%3E|2017-09-18: CVE-2017-9803: Security vulnerability in kerberos delegation token functionality]]