[ 
https://issues.apache.org/jira/browse/SOLR-16141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17578860#comment-17578860
 ] 

Sourabh Sarvotham Parkala commented on SOLR-16141:
--------------------------------------------------

[~krisden] The reason my colleague asked about this is to still provide a fix 
for BDSA-2022-0608 (CVE-2022-26336).

The affected library is just org.apache.poi:poi-scratchpad:jar:4.1.2

Hence, please let us know if we can just update the 
org.apache.poi:poi-scratchpad to 5.2.1? Would this cause regression in 
solr-cell 8.11.1? Let us know if it is ok to just update poi-scratchpad to 
5.2.1.

Thanks
Sourabh

> Update Apache poi to the version 5.2.1
> --------------------------------------
>
>                 Key: SOLR-16141
>                 URL: https://issues.apache.org/jira/browse/SOLR-16141
>             Project: Solr
>          Issue Type: Wish
>            Reporter: Ivan Viaznikov
>            Priority: Major
>
> org.apache.solr:solr-cell module uses Apache POI. Apache POI version 5.2.1 
> includes several bug fixes, including a resolution for CVE-2022-26336, which 
> impacts poi-scratchpad.
> Therefore requesting you to update the version of Apache POI to 5.2.1



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to