You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "Ishan Chattopadhyaya (Jira)" <ji...@apache.org> on 2023/01/10 12:24:00 UTC
[jira] [Resolved] (SOLR-16614) Apache Solr Information Disclosure Vulnerability
[ https://issues.apache.org/jira/browse/SOLR-16614?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ishan Chattopadhyaya resolved SOLR-16614.
-----------------------------------------
Resolution: Invalid
DIH is deprecated and removed from Solr. Please check in users mailing list.
> Apache Solr Information Disclosure Vulnerability
> ------------------------------------------------
>
> Key: SOLR-16614
> URL: https://issues.apache.org/jira/browse/SOLR-16614
> Project: Solr
> Issue Type: Task
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Hariprasad T
> Priority: Major
>
> Hi Team,
> We have a Sitecore project of version 9.3 and we are using windows Solr 8.1.1. We have this Vulnerability "{*}Apache Solr Information Disclosure Vulnerability{*}" impacted on few of our servers. And below are the patch fix suggested by Solr for this vulnerability.
> *Ref:* SOLR-15826 -CVE-2021-44548
> *URL:* https://solr.apache.org/security.html#cve-2021-44548-apache-solr-information-disclosure-vulnerability-through-dataimporthandler
> *Impacted Servers:*
> Servers like TST, STG.
> *Mitigation:*
> *(a)* Ensure only trusted clients can make requests to Solr's DataImport handler.
> *Comment:*
> Please advise how to fix this vulnerability and where we have to make the changes.
> or it would be great if you can suggest any other solution to fix this vulnerability.
> Thanks in advance!
>
> Best,
> Hariprasad T
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org