[ https://issues.apache.org/jira/browse/SOLR-16141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17578860#comment-17578860 ]
Sourabh Sarvotham Parkala commented on SOLR-16141: -------------------------------------------------- [~krisden] The reason my colleague asked about this is to still provide a fix for BDSA-2022-0608 (CVE-2022-26336). The affected library is just org.apache.poi:poi-scratchpad:jar:4.1.2 Hence, please let us know if we can just update the org.apache.poi:poi-scratchpad to 5.2.1? Would this cause regression in solr-cell 8.11.1? Let us know if it is ok to just update poi-scratchpad to 5.2.1. Thanks Sourabh > Update Apache poi to the version 5.2.1 > -------------------------------------- > > Key: SOLR-16141 > URL: https://issues.apache.org/jira/browse/SOLR-16141 > Project: Solr > Issue Type: Wish > Reporter: Ivan Viaznikov > Priority: Major > > org.apache.solr:solr-cell module uses Apache POI. Apache POI version 5.2.1 > includes several bug fixes, including a resolution for CVE-2022-26336, which > impacts poi-scratchpad. > Therefore requesting you to update the version of Apache POI to 5.2.1 -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org