Posted to issues@solr.apache.org by "sujeeth62 (via GitHub)" <gi...@apache.org> on 2023/05/23 13:01:12 UTC

[GitHub] [solr-operator] sujeeth62 opened a new issue, #570: Upgrade golang to v1.19.9

sujeeth62 opened a new issue, #570:
URL: https://github.com/apache/solr-operator/issues/570

   Following are the CVEs reported on Solr v0.7.0:
   
   1. CVE-2023-29400: Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
   
   2. CVE-2023-24540: Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
   
   3. CVE-2023-24539: Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.
   
   
   Solr-Operator images need to be updated to 1.19.9, 1.20.4 in order to fix above version.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
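
Added example, not part of the issue thread or the solr-operator code base: a check that a Go toolchain string, as reported by `runtime.Version()` or `go version -m <binary>`, is at or above the 1.19.9 / 1.20.4 levels named in the issue. The function name `hasTemplateFixes` and the sample version strings are constructed for illustration.

```go
package main

import (
	"fmt"
	"runtime"
	"strconv"
	"strings"
)

// minPatch maps a Go release line to the first patch release that the issue
// above names as carrying the html/template fixes (1.19.9 and 1.20.4).
var minPatch = map[int]int{19: 9, 20: 4}

// hasTemplateFixes reports whether a toolchain string such as "go1.19.8" is
// at or above the fixed patch level for its release line.
func hasTemplateFixes(goVersion string) (bool, error) {
	v := strings.TrimPrefix(strings.TrimSpace(goVersion), "go")
	parts := strings.SplitN(v, ".", 3)
	if len(parts) < 2 || parts[0] != "1" {
		return false, fmt.Errorf("unrecognised Go version %q", goVersion)
	}
	minor, err := strconv.Atoi(parts[1])
	if err != nil {
		return false, fmt.Errorf("unrecognised Go version %q", goVersion)
	}
	patch := 0 // "go1.20" with no third component is patch level 0
	if len(parts) == 3 {
		if patch, err = strconv.Atoi(parts[2]); err != nil {
			return false, fmt.Errorf("unrecognised Go version %q", goVersion)
		}
	}
	if minor < 19 {
		return false, nil // assumption: lines older than 1.19 are treated as unfixed
	}
	need, listed := minPatch[minor]
	if !listed {
		return true, nil // release lines after 1.20 were cut after these fixes
	}
	return patch >= need, nil
}

func main() {
	// Constructed sample inputs plus the toolchain running this program.
	for _, v := range []string{"go1.19.8", "go1.19.9", "go1.20.3", "go1.20.4", runtime.Version()} {
		ok, err := hasTemplateFixes(v)
		fmt.Println(v, ok, err)
	}
}
```

The toolchain that compiled the shipped binary is what matters here: before Go 1.21 the `go` line in go.mod does not pin a patch release, so the builder image tag and the CI Go version are the values to verify.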


[GitHub] [solr-operator] sujeeth62 commented on issue #570: Upgrade golang to v1.20

Posted by "sujeeth62 (via GitHub)" <gi...@apache.org>.
sujeeth62 commented on issue #570:
URL: https://github.com/apache/solr-operator/issues/570#issuecomment-1585696544

   Raised PR: https://github.com/apache/solr-operator/pull/578




[GitHub] [solr-operator] HoustonPutman commented on issue #570: Upgrade golang to v1.19.9

Posted by "HoustonPutman (via GitHub)" <gi...@apache.org>.
HoustonPutman commented on issue #570:
URL: https://github.com/apache/solr-operator/issues/570#issuecomment-1559451582

   Please feel free to open a PR for an upgrade to Golang v1.20, it only needs to be updated in a few places. (go.mod, Dockerfile, and the github actions)!




[GitHub] [solr-operator] HoustonPutman closed issue #570: Upgrade golang to v1.20

Posted by "HoustonPutman (via GitHub)" <gi...@apache.org>.
HoustonPutman closed issue #570: Upgrade golang to v1.20
URL: https://github.com/apache/solr-operator/issues/570

