Posted to solr-user@lucene.apache.org by "Narayanan, Lakshmi" <la...@mmc.com.INVALID> on 2020/12/11 16:50:01 UTC

FW: Vulnerabilities in SOLR 8.6.2

Can anyone please advise?
Who else should be notified to get some guidance on this please??

Lakshmi Narayanan
Marsh & McLennan Companies
121 River Street, Hoboken,NJ-07030
201-284-3345
M: 845-300-3809
Email: Lakshmi.narayanan@mmc.com


From: Narayanan, Lakshmi <la...@mmc.com>
Sent: Friday, November 13, 2020 11:21 AM
To: solr-user@lucene.apache.org
Subject: FW: Vulnerabilities in SOLR 8.6.2

This is my 5th attempt in the last 60 days
Is there anyone looking at these mails?
Does anyone care?? :(




From: Narayanan, Lakshmi <la...@mmc.com>
Sent: Thursday, October 22, 2020 1:06 PM
To: solr-user@lucene.apache.org
Subject: FW: Vulnerabilities in SOLR 8.6.2

This is my 4th attempt to contact
Please advise, if there is a build that fixes these vulnerabilities



From: Narayanan, Lakshmi <la...@mmc.com>
Sent: Sunday, October 18, 2020 4:01 PM
To: solr-user@lucene.apache.org
Subject: FW: Vulnerabilities in SOLR 8.6.2

SOLR-User Support team
Is there anyone who can answer my question or can point to someone who can help
I have not had any response for the past 3 weeks !?
Please advise




From: Narayanan, Lakshmi <la...@mmc.com>
Sent: Sunday, October 04, 2020 2:11 PM
To: solr-user@lucene.apache.org
Cc: Chattopadhyay, Salil <sa...@mmc.com>; Mutnuri, Vishnu D <vi...@mmc.com>; Pathak, Omkar <om...@mmc.com>; Shenouda, Nasir B <na...@mmc.com>
Subject: RE: Vulnerabilities in SOLR 8.6.2

Hello Solr-User Support team
Please advise or provide further guidance on the request below

Thank you!



From: Narayanan, Lakshmi <la...@mmc.com>
Sent: Monday, September 28, 2020 1:52 PM
To: solr-user@lucene.apache.org
Cc: Chattopadhyay, Salil <sa...@mmc.com>; Mutnuri, Vishnu D <vi...@mmc.com>; Pathak, Omkar <om...@mmc.com>; Shenouda, Nasir B <na...@mmc.com>
Subject: Vulnerabilities in SOLR 8.6.2
Importance: High

Hello Solr-User Support team
We have installed the SOLR 8.6.2 package into a Docker container in our DEV environment. Prior to using it, our security team scanned the Docker image using Sysdig and found a lot of Critical/High/Medium vulnerabilities. The full list is in the attached spreadsheet.

Scan Summary
30 STOPS     190 WARNS    188 Vulnerabilities

Please advise or point us to how/where to get a package that has been patched for the Critical/High/Medium vulnerabilities in the attached spreadsheet
Your help will be gratefully received






Re: Vulnerabilities in SOLR 8.6.2

Posted by Walter Underwood <wu...@wunderwood.org>.
1. There is no Solr support team. This is a mailing list of volunteers using the software.
2. I do not recommend running Solr in a Docker container for production.
3. Please review the Solr Jira for security issues. If you believe that there are security vulnerabilities that need to be fixed, open a Jira issue.

https://issues.apache.org/jira/projects/SOLR/issues/SOLR-14792?filter=allopenissues

wunder
Walter Underwood
wunder@wunderwood.org
http://observer.wunderwood.org/  (my blog)
