Posted to users@solr.apache.org by Rajath Banagi Ravindra <Ra...@mindtree.com.INVALID> on 2022/04/05 13:19:09 UTC

Solr - Spring cloud – CVE-2022-22963

Hi,

We are using Solr 7.5 version and Solr 6.4 version in our applications. Wanted to check if there is any impact due to vulnerability - CVE-2022-22963. I did googling and didn’t find any clear answers regarding same. Are Solr instances vulnerable and any action needed from our end, please let me know.

Regards
Rajath

________________________________

http://www.mindtree.com/email/disclaimer.html

Re: Solr - Spring cloud – CVE-2022-22963

Posted by Shawn Heisey <ap...@elyograg.org>.
On 4/15/22 00:41, Rajath Banagi Ravindra wrote:
> We are using Solr 7.5 version and Solr 6.4 version in our applications. Wanted to check if there is any impact due to vulnerability - CVE-2022-22963. I did googling and didn’t find any clear answers regarding same. Are Solr instances vulnerable and any action needed from our end, please let me know.


Solr does not use any Spring libraries.  That is why it is not mentioned 
on the Security page.

Some Spring libraries are used for TESTS on the s3 backup repository.  
This is why the license information for Solr talks about Spring 
libraries.  None of the test code is present in a binary download of Solr.

You do not need to worry about that CVE unless you're doing something 
very nonstandard that involves Spring libraries that you have added to Solr.

Thanks,
Shawn
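
One way to check for the "nonstandard" case described above, that is, Spring libraries added to a Solr install. This is an added example, not code from the thread participants or the Solr project; the function names and the sample directory tree are constructed for illustration. It flags any jar/war that contains classes under `org/springframework/` or whose file name starts with `spring-`.

```python
import sys
import tempfile
import zipfile
from pathlib import Path

SPRING_PREFIX = "org/springframework/"  # package path of Spring classes in a jar

def spring_packages(archive: Path) -> list[str]:
    """Return the Spring package directories found inside one jar/war."""
    try:
        with zipfile.ZipFile(archive) as zf:
            names = zf.namelist()
    except (zipfile.BadZipFile, OSError):
        return []  # unreadable archive: the file-name check in scan() still applies
    packages = set()
    for name in names:
        # find() also matches WEB-INF/classes/... and relocated (shaded) copies
        idx = name.find(SPRING_PREFIX)
        if idx != -1 and name.endswith(".class"):
            packages.add(name[idx:].rsplit("/", 1)[0])
    return sorted(packages)

def scan(root: Path) -> dict[str, list[str]]:
    """Map each jar/war under root that looks like Spring to its Spring packages."""
    hits = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in {".jar", ".war"}:
            found = spring_packages(path)
            if found or path.name.lower().startswith("spring-"):
                hits[path.relative_to(root).as_posix()] = found
    return hits

def make_sample_install(root: Path) -> None:
    """Constructed sample tree, not a real Solr layout: one clean jar, one with Spring."""
    lib = root / "server" / "lib"
    lib.mkdir(parents=True)
    with zipfile.ZipFile(lib / "example-core.jar", "w") as zf:
        zf.writestr("org/example/Core.class", b"")
    with zipfile.ZipFile(lib / "custom-plugin.jar", "w") as zf:
        zf.writestr("org/springframework/cloud/function/Sample.class", b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(tmp)
        if len(sys.argv) == 1:
            make_sample_install(root)
        for archive, pkgs in scan(root).items():
            print(archive, pkgs or "(matched by file name only)")
```

Run it with the Solr installation directory as the only argument; with no argument it scans the constructed sample tree. Jars nested inside other jars are not opened.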


RE: Solr - Spring cloud – CVE-2022-22963

Posted by Rajath Banagi Ravindra <Ra...@mindtree.com.INVALID>.
Hi All,

Any update regarding the below request?

Thanks in Advance,

Regards
Rajath

From: Rajath Banagi Ravindra
Sent: Tuesday, April 5, 2022 9:19 AM
To: Aman Tandon <am...@gmail.com>; users@solr.apache.org
Subject: Solr - Spring cloud – CVE-2022-22963
Importance: High

Hi,

We are using Solr 7.5 version and Solr 6.4 version in our applications. Wanted to check if there is any impact due to vulnerability - CVE-2022-22963. I did googling and didn’t find any clear answers regarding same. Are Solr instances vulnerable and any action needed from our end, please let me know.

Regards
Rajath


Re: Solr - Spring cloud – CVE-2022-22963

Posted by Mike Drob <md...@mdrob.com>.
Rajath,

All of our known and disclosed security vulnerabilities are posted to
https://solr.apache.org/security.html

If something is not listed there then it is either not known, not
disclosed, or not a problem. If you believe you have discovered a new
vulnerability please follow the reporting guidelines outlined on that site.

Thank you,

Mike

On Tue, Apr 5, 2022 at 8:59 AM Rajath Banagi Ravindra
<Ra...@mindtree.com.invalid> wrote:

> Hi,
>
> We are using Solr 7.5 version and Solr 6.4 version in our applications.
> Wanted to check if there is any impact due to vulnerability -
> CVE-2022-22963. I did googling and didn’t find any clear answers regarding
> same. Are Solr instances vulnerable and any action needed from our end,
> please let me know.
>
> Regards
> Rajath
>
> ________________________________
>
> http://www.mindtree.com/email/disclaimer.html
>