Hi Hoss, Looks OK. Uwe
On 28 August 2014 at 20:50:16 CEST, Apache Wiki <[email protected]> wrote:
>Dear Wiki user, > >You have subscribed to a wiki page or wiki category on "Solr Wiki" for >change notification. > >The "ReleaseNote410" page has been changed by HossMan: >https://wiki.apache.org/solr/ReleaseNote410?action=diff&rev1=3&rev2=4 > >Comment: >replace details in with summary and existing URL to details > > Solr 4.10.0 Release Highlights: > > * This release upgrades Solr Cell's (contrib/extraction) dependency >- on Apache POI to mitigate the following security problems: >+ on Apache POI to mitigate 2 security vulnerabilities: >+ http://s.apache.org/solr-cell-security-notice >- >- CVE-2014-3529: XML External Entity (XXE) problem in Apache POI's >- OpenXML parser >- Type: Information disclosure >- Description: Apache POI uses Java's XML components to parse OpenXML >- files produced by Microsoft Office products (DOCX, XLSX, PPTX,...). >- Applications that accept such files from end-users are vulnerable >to >- XML External Entity (XXE) attacks, which allows remote attackers to >- bypass security restrictions and read arbitrary files via a crafted >- OpenXML document that provides an XML external entity declaration >- in conjunction with an entity reference. >- >- CVE-2014-3574: XML Entity Expansion (XEE) problem in Apache POI's >- OpenXML parser >- Type: Denial of service >- Description: Apache POI uses Java's XML components and Apache >Xmlbeans >- to parse OpenXML files produced by Microsoft Office products (DOCX, >- XLSX, PPTX,...). Applications that accept such files from end-users >- are vulnerable to XML Entity Expansion (XEE) attacks ("XML bombs"), >- which allows remote hackers to consume large amounts of CPU >resources. > > * Scripts for starting, stopping, and running Solr examples >
--
Uwe Schindler
H.-H.-Meier-Allee 63, 28213 Bremen
http://www.thetaphi.de
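Review bot: The added lines "on Apache POI to mitigate 2 security vulnerabilities:" and the s.apache.org link drop both CVE identifiers (CVE-2014-3529 and CVE-2014-3574) and their impact types from the release highlights, so anyone searching the release notes by CVE ID or triaging by impact no longer finds them here. Suggest keeping the identifiers and types inline, for example "to mitigate CVE-2014-3529 (XXE, information disclosure) and CVE-2014-3574 (XEE, denial of service)", followed by the link for the full details. That stays short, remains useful if the short-URL redirect is unavailable, and still tells operators who accept OpenXML files from end-users (the exposure condition the removed text spelled out) that the upgrade applies to them.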
