You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "Jan Høydahl (Jira)" <ji...@apache.org> on 2022/08/09 18:51:00 UTC

[jira] [Commented] (SOLR-16332) Fix Vulnerability CVE-2022-2048 | CVSS 7.5 | org.eclipse.jetty_jetty-io

    [ https://issues.apache.org/jira/browse/SOLR-16332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17577578#comment-17577578 ] 

Jan Høydahl commented on SOLR-16332:
------------------------------------

I propose to target this Jira for upgrading jetty to latest 9.4 version, currently 9.4.48.v20220622. This will then be released in 9.1. The more complex and slow-moving jetty10 upgrade can then proceed for a later Solr 9.x release.

> Fix Vulnerability CVE-2022-2048 | CVSS 7.5 | org.eclipse.jetty_jetty-io
> -----------------------------------------------------------------------
>
>                 Key: SOLR-16332
>                 URL: https://issues.apache.org/jira/browse/SOLR-16332
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: 9.0, 8.11.2
>            Reporter: Chris Sabelstrom
>            Assignee: Jan Høydahl
>            Priority: Major
>         Attachments: image-2022-08-09-09-39-43-134.png
>
>
> Our security scanner detected the following vulnerability. Please upgrade to version noted in Status column. Please fix this for 8.11 as well as 9.0
> !image-2022-08-09-09-39-43-134.png!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org