Posted to issues@solr.apache.org by "Cassandra Targett (Jira)" <ji...@apache.org> on 2021/08/18 21:11:00 UTC

[jira] [Resolved] (SOLR-15506) Upgrade Apache Derby to >=10.14.2.0

     [ https://issues.apache.org/jira/browse/SOLR-15506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Cassandra Targett resolved SOLR-15506.
--------------------------------------
    Resolution: Won't Fix

Derby is used in the DataImportHandler contrib only in tests so it's not part of DIH per se. It's on the list of dependency "false positives" that are not considered problematic for Solr: https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools

Additionally, DIH has been removed from Solr 9.0, so closing this as a Won't Fix as we are not investing further in it going forward.

> Upgrade Apache Derby to >=10.14.2.0
> -----------------------------------
>
>                 Key: SOLR-15506
>                 URL: https://issues.apache.org/jira/browse/SOLR-15506
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Somesh Dhal
>            Priority: Major
>
> Solr 8.9.0 has derby-10.9.1.0, for which the following vulnerabilities are identified:
> [CVE-2018-1313 (BDSA-2018-1426), CVE-2015-1832].
> So Derby has to be upgraded to >=10.14.2.0 to deal with these vulnerabilities.


