You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@bigtop.apache.org by "Masatake Iwasaki (Jira)" <ji...@apache.org> on 2021/03/01 15:05:00 UTC

[jira] [Resolved] (BIGTOP-3507) Solr: CVE-2020-13957 mitigation backport

     [ https://issues.apache.org/jira/browse/BIGTOP-3507?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Masatake Iwasaki resolved BIGTOP-3507.
--------------------------------------
    Fix Version/s: 3.0.0
       Resolution: Fixed

> Solr: CVE-2020-13957 mitigation backport
> ----------------------------------------
>
>                 Key: BIGTOP-3507
>                 URL: https://issues.apache.org/jira/browse/BIGTOP-3507
>             Project: Bigtop
>          Issue Type: Improvement
>          Components: solr
>            Reporter: Jun He
>            Assignee: Jun He
>            Priority: Major
>             Fix For: 3.0.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> There is a [CVE security beach|https://lucene.apache.org/solr/security.html#cve-2020-13957-the-checks-added-to-unauthenticated-configset-uploads-in-apache-solr-can-be-circumvented] reported for solr on quite a few versions, where v6.6.6 is also affected.
> Will backport upstream fix [SOLR-14663|https://issues.apache.org/jira/browse/SOLR-14663]  for this to v6.6.6 in solr component.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)