You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2021/12/17 04:30:37 UTC

[ofbiz-plugins] branch trunk updated: Fixed: Update Solr and Lucene to address several CVEs (including Log4j) (OFBIZ-12464)

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git


The following commit(s) were added to refs/heads/trunk by this push:
     new a02c8ba  Fixed: Update Solr and Lucene to address several CVEs (including Log4j) (OFBIZ-12464)
a02c8ba is described below

commit a02c8ba35043b2ca83635977b858fe18a6ddeba8
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Fri Dec 17 05:14:19 2021 +0100

    Fixed: Update Solr and Lucene to address several CVEs (including Log4j) (OFBIZ-12464)
    
    Solr is not yet available on Maven :/
    
    We will also need to update Tika, and I guess the list will continue...
---
 lucene/build.gradle                                           | 11 ++++++-----
 .../java/org/apache/ofbiz/content/search/SearchWorker.java    |  2 +-
 solr/build.gradle                                             |  7 ++++---
 solr/home/solrdefault/conf/solrconfig.xml                     |  2 +-
 4 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/lucene/build.gradle b/lucene/build.gradle
index 406289d..d905758 100644
--- a/lucene/build.gradle
+++ b/lucene/build.gradle
@@ -17,9 +17,10 @@
  * under the License.
  */
 dependencies {
-    // Remember to change the version LUCENE_VERSION in SearchWorker class when upgrading.
-    // Also Solr et Lucene should use the same version, luceneMatchVersion should be updated in solrconfig.xml
-    pluginLibsCompile 'org.apache.lucene:lucene-core:8.11.1'
-    pluginLibsCompile 'org.apache.lucene:lucene-queryparser:8.11.1'
-    pluginLibsCompile 'org.apache.lucene:lucene-analyzers-common:8.11.1'
+    // 1. Remember to change the version LUCENE_VERSION in SearchWorker class when upgrading.
+    // 2. luceneMatchVersion should be updated in solrconfig.xml
+    // 3. Also Solr et Lucene should use the same version, 
+    pluginLibsCompile 'org.apache.lucene:lucene-core:8.11.0'
+    pluginLibsCompile 'org.apache.lucene:lucene-queryparser:8.11.0'
+    pluginLibsCompile 'org.apache.lucene:lucene-analyzers-common:8.11.0'
 }
diff --git a/lucene/src/main/java/org/apache/ofbiz/content/search/SearchWorker.java b/lucene/src/main/java/org/apache/ofbiz/content/search/SearchWorker.java
index 41d2d69..6275e5a 100644
--- a/lucene/src/main/java/org/apache/ofbiz/content/search/SearchWorker.java
+++ b/lucene/src/main/java/org/apache/ofbiz/content/search/SearchWorker.java
@@ -41,7 +41,7 @@ public final class SearchWorker {
 
     private static final String MODULE = SearchWorker.class.getName();
 
-    private static final Version LUCENE_VERSION = Version.LUCENE_8_11_1;
+    private static final Version LUCENE_VERSION = Version.LUCENE_8_11_0;
 
     private SearchWorker() { }
 
diff --git a/solr/build.gradle b/solr/build.gradle
index 7e57866..a97cc78 100644
--- a/solr/build.gradle
+++ b/solr/build.gradle
@@ -17,9 +17,10 @@
  * under the License.
  */
 dependencies {
-    // Remember to change the version LUCENE_VERSION in SearchWorker class when upgrading.
-    // Also Solr et Lucene should use the same version, luceneMatchVersion should be updated in solrconfig.xml
-    pluginLibsCompile 'org.apache.solr:solr-core:8.11.1'
+    // 1. Remember to change the version LUCENE_VERSION in SearchWorker class when upgrading.
+    // 2. luceneMatchVersion should be updated in solrconfig.xml
+    // 3. Also Solr et Lucene should use the same version, 
+    pluginLibsCompile 'org.apache.solr:solr-core:8.11.0'
     pluginLibsCompile 'com.google.guava:guava:28.0-jre'
 }
 
diff --git a/solr/home/solrdefault/conf/solrconfig.xml b/solr/home/solrdefault/conf/solrconfig.xml
index b9e8e06..f597685 100644
--- a/solr/home/solrdefault/conf/solrconfig.xml
+++ b/solr/home/solrdefault/conf/solrconfig.xml
@@ -35,7 +35,7 @@
        that you fully re-index after changing this setting as it can
        affect both how text is indexed and queried.
   -->
-  <luceneMatchVersion>8.11.1</luceneMatchVersion>
+  <luceneMatchVersion>8.11.0</luceneMatchVersion>
 
   <!-- <lib/> directives can be used to instruct Solr to load any Jars
        identified and use them to resolve any "plugins" specified in