[jira] [Resolved] (SOLR-16517) Solr export 8.11.2-slim Vulnerabilities

["Houston Putman (Jira)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/SOLR-16517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Houston Putman resolved SOLR-16517.
-----------------------------------
    Resolution: Invalid

Please read our security page: https://solr.apache.org/security.html

This is an issue tracker, and we do not accept vulnerability scans as issues.

DockerHub will provide timely updates of the base image, and Solr maintains a list of exploitative CVEs for its dependencies.

> Solr export 8.11.2-slim Vulnerabilities 
> ----------------------------------------
>
>                 Key: SOLR-16517
>                 URL: https://issues.apache.org/jira/browse/SOLR-16517
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>    Affects Versions: 8.11.2
>            Reporter: Ritchie Gu
>            Priority: Critical
>         Attachments: twistlock_images-Solr-Exporter.csv
>
>
> I have a question regarding the solr exporter [https://hub.docker.com/layers/library/solr/8.11.2-slim/images/sha256-e2e7e8fddb75ec8055c2745bbaf784cd7608ea5898f17144312f316ef0a1f488?context=explore]
> Our twistlock scan result showing that it has 95 vulnerabilities. We are going through an auditing process and would like to get some answers from Apache Solr team since it's officially supported. 
> Also is there any plan that Solr team will address these vulnerabilities?
> I will attach the scan result here in the ticket.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org