You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2019/02/26 09:29:00 UTC

[jira] [Updated] (AMBARI-25169) Upgrade Apache Solr version to 7.7.0 or later in Ambari

     [ https://issues.apache.org/jira/browse/AMBARI-25169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

ASF GitHub Bot updated AMBARI-25169:
------------------------------------
    Labels: pull-request-available  (was: )

> Upgrade Apache Solr version to 7.7.0 or later in Ambari
> -------------------------------------------------------
>
>                 Key: AMBARI-25169
>                 URL: https://issues.apache.org/jira/browse/AMBARI-25169
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-infra
>    Affects Versions: 2.7.3
>            Reporter: Krisztian Kasa
>            Assignee: Krisztian Kasa
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.7.4
>
>
> CVE-2017-3164 SSRF issue in Apache Solr
> Severity: High
> Vendor: The Apache Software Foundation
> Versions Affected:
> Apache Solr versions from 1.3 to 7.6.0
> Description:
> The "shards" parameter does not have a corresponding whitelist mechanism,
> so it can request any URL.
> Mitigation:
> Upgrade to Apache Solr 7.7.0 or later.
> Ensure your network settings are configured so that only trusted traffic is
> allowed to ingress/egress your hosts running Solr.
> Credit:
> dk from Chaitin Tech
> References:
> https://issues.apache.org/jira/browse/SOLR-12770
> https://wiki.apache.org/solr/SolrSecurity



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)