You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Ishan Chattopadhyaya (Jira)" <ji...@apache.org> on 2020/07/04 08:13:00 UTC
[jira] [Commented] (SOLR-14603) Updating the Restlet Version
[ https://issues.apache.org/jira/browse/SOLR-14603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151230#comment-17151230 ]
Ishan Chattopadhyaya commented on SOLR-14603:
---------------------------------------------
Making this issue public as there is no immediate threat to Solr.
Btw, I see restlet 2.4.0 in maven central here: [https://mvnrepository.com/artifact/org.restlet.jee/org.restlet/2.4.0|https://mvnrepository.com/artifact/org.restlet.jee/org.restlet/2.4.0.]
[~marcussorealheis] , [~janhoy] should we now start using that instead of getting it from maven.restlet.com?
> Updating the Restlet Version
> ----------------------------
>
> Key: SOLR-14603
> URL: https://issues.apache.org/jira/browse/SOLR-14603
> Project: Solr
> Issue Type: Task
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Build, Schema and Analysis
> Affects Versions: master (9.0)
> Reporter: Marcus Eagan
> Priority: Blocker
> Fix For: 8.6
>
>
> There's not a whole lot of risk here because of the limited surface area of Restlet in the project. [~ichattopadhyaya] even suggested we could remove it, which I tend to agree with.
> I noticed that the Restlet dependency's location was no longer resolving at: https://repo1.maven.org/maven2/org/restlet/jee/org.restlet/2.4.0/org.restlet-2.4.0.jar.
> Now, of course, I could change it to a location that does resolve or download directly. However, I looking at the changelog I thought that maybe I should raise with the community that it an upgrade might be helpful given the CVEs.
> I will leave it to the experts as to whether it makes a difference, but here's the changelog for reference.
> The Lucene tests passed when I upgraded to 2.4.3 but I'm still digging in. It is very likely that 2.4.1 would be better. I'd leave that, again, to the experts and post my findings.
> https://github.com/apache/lucene-solr/pull/1622
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org