[ https://issues.apache.org/jira/browse/SOLR-15355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17431354#comment-17431354 ]

Kevin Risden commented on SOLR-15355:
-------------------------------------

{quote} Any idea what might be up with this Kevin?{quote}

Ummm no idea why this would break [~dsmiley]. My first guess is the AWS library 
upgrade behind the scenes? Another guess is are you using the s3guard stuff and 
if that state could be corrupt? Another idea is if you are using consistent s3 
(I don't know if that is just GA for everyone now or still opt in - S3 used to 
be eventually consistent)

{quote}Do you think upgrading to 3.3.1 might be straight-forward; perhaps that 
could fix it?{quote}

This might. I know there are always improvements to the AWS s3 code behind each 
release. I don't think it would be a major upgrade. The biggest issue is some 
of the HDFS tests and some of the copied classes to make Solr thread leak check 
happy.

> CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2
> --------------------------------------------------
>
>                 Key: SOLR-15355
>                 URL: https://issues.apache.org/jira/browse/SOLR-15355
>             Project: Solr
>          Issue Type: Bug
>          Components: hdfs, security
>    Affects Versions: 8.6, 8.6.2
>            Reporter: Nazerke Seidan
>            Priority: Major
>             Fix For: 8.10
>
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> CVE-2020-9492 vuln. issue is found in 8x component 
> maven:org.apache.hadoop:hadoop-hdfs-client (version 3.2.0). It seems with the 
> version 3.2.0 hdfs client might send authorization header to remote url 
> without verification. 
> ([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9492])



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
