[
https://issues.apache.org/jira/browse/SOLR-5520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Uwe Schindler resolved SOLR-5520.
---------------------------------
Resolution: Fixed
> Backport some security fixes from 4.x to 3.6.x branch
> -----------------------------------------------------
>
> Key: SOLR-5520
> URL: https://issues.apache.org/jira/browse/SOLR-5520
> Project: Solr
> Issue Type: Bug
> Affects Versions: 3.6.2
> Reporter: Uwe Schindler
> Assignee: Uwe Schindler
> Labels: security
> Fix For: 3.6.3
>
> Attachments: CVE-fixes-Solr36.patch, SOLR-4481-3895-36.patch,
> SOLR-4882-36.patch, SOLR-4882-fix.patch
>
>
> Redhat wants to backport some security fixes we applied in 4.1 and 4.6 to the
> Solr tree to 3.6, because their user-base still uses this version. To help
> them with backporting across the major API/version changes, we should also do
> this on the 3.6 branch.
> Redhat already assigned 3 CVE numbers to these issues and take the older
> issues seriously, and they will patch older versions and also force users to
> upgrade. cf,
> [CVE-2013-6397|https://access.redhat.com/security/cve/CVE-2013-6397]
> (SOLR-4882),
> [CVE-2013-6407|https://access.redhat.com/security/cve/CVE-2013-6407]
> (SOLR-3895),
> [CVE-2013-6408|https://access.redhat.com/security/cve/CVE-2013-6408]
> (SOLR-4881).
> To fully fix, we might need to backport more patches. I will take care of
> this. This issue may be useful, if we release a 3.6.3 package.
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
