You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2019/02/26 09:29:00 UTC
[jira] [Updated] (AMBARI-25169) Upgrade Apache Solr version to
7.7.0 or later in Ambari
[ https://issues.apache.org/jira/browse/AMBARI-25169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
ASF GitHub Bot updated AMBARI-25169:
------------------------------------
Labels: pull-request-available (was: )
> Upgrade Apache Solr version to 7.7.0 or later in Ambari
> -------------------------------------------------------
>
> Key: AMBARI-25169
> URL: https://issues.apache.org/jira/browse/AMBARI-25169
> Project: Ambari
> Issue Type: Task
> Components: ambari-infra
> Affects Versions: 2.7.3
> Reporter: Krisztian Kasa
> Assignee: Krisztian Kasa
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.7.4
>
>
> CVE-2017-3164 SSRF issue in Apache Solr
> Severity: High
> Vendor: The Apache Software Foundation
> Versions Affected:
> Apache Solr versions from 1.3 to 7.6.0
> Description:
> The "shards" parameter does not have a corresponding whitelist mechanism,
> so it can request any URL.
> Mitigation:
> Upgrade to Apache Solr 7.7.0 or later.
> Ensure your network settings are configured so that only trusted traffic is
> allowed to ingress/egress your hosts running Solr.
> Credit:
> dk from Chaitin Tech
> References:
> https://issues.apache.org/jira/browse/SOLR-12770
> https://wiki.apache.org/solr/SolrSecurity
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)