You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@solr.apache.org by Rajath Banagi Ravindra <Ra...@mindtree.com.INVALID> on 2022/04/05 13:19:09 UTC
Solr - Spring cloud – CVE-2022-22963
Hi,
We are using Solr 7.5 version and Solr 6.4 version in our applications. Wanted to check if there is any impact due to vulnerability - CVE-2022-22963. I did googling and didn’t find any clear answers regarding same. Are Solr instances vulnerable and any action needed from our end, please let me know.
Regards
Rajath
________________________________
http://www.mindtree.com/email/disclaimer.html
Re: Solr - Spring cloud – CVE-2022-22963
Posted by Shawn Heisey <ap...@elyograg.org>.
On 4/15/22 00:41, Rajath Banagi Ravindra wrote:
> We are using Solr 7.5 version and Solr 6.4 version in our applications. Wanted to check if there is any impact due to vulnerability - CVE-2022-22963. I did googling and didn’t find any clear answers regarding same. Are Solr instances vulnerable and any action needed from our end, please let me know.
Solr does not use any Spring libraries. That is why it is not mentioned
on the Security page.
Some Spring libraries are used for TESTS on the s3 backup repository.
This is why the license information for Solr talks about Spring
libraries. None of the test code is present in a binary download of Solr.
You do not need to worry about that CVE unless you're doing something
very nonstandard that involves Spring libraries that you have added to Solr.
Thanks,
Shawn
RE: Solr - Spring cloud – CVE-2022-22963
Posted by Rajath Banagi Ravindra <Ra...@mindtree.com.INVALID>.
Hi All,
Any update regarding the below request,
Thanks in Advance,
Regards
Rajath
From: Rajath Banagi Ravindra
Sent: Tuesday, April 5, 2022 9:19 AM
To: Aman Tandon <am...@gmail.com>; users@solr.apache.org
Subject: Solr - Spring cloud – CVE-2022-22963
Importance: High
Hi,
We are using Solr 7.5 version and Solr 6.4 version in our applications. Wanted to check if there is any impact due to vulnerability - CVE-2022-22963. I did googling and didn’t find any clear answers regarding same. Are Solr instances vulnerable and any action needed from our end, please let me know.
Regards
Rajath
________________________________
http://www.mindtree.com/email/disclaimer.html
Re: Solr - Spring cloud – CVE-2022-22963
Posted by Mike Drob <md...@mdrob.com>.
Rajath,
All of our known and disclosed security vulnerabilities are posted to
https://solr.apache.org/security.html
If something is not listed there than it is either not known, not
disclosed, or not a problem. If you believe you have discovered a new
vulnerability please follow the reporting guidelines outlined on that site.
Thank you,
Mike
On Tue, Apr 5, 2022 at 8:59 AM Rajath Banagi Ravindra
<Ra...@mindtree.com.invalid> wrote:
> Hi,
>
> We are using Solr 7.5 version and Solr 6.4 version in our applications.
> Wanted to check if there is any impact due to vulnerability -
> CVE-2022-22963. I did googling and didn’t find any clear answers regarding
> same. Are Solr instances vulnerable and any action needed from our end,
> please let me know.
>
> Regards
> Rajath
>
> ________________________________
>
> http://www.mindtree.com/email/disclaimer.html
>