[
https://issues.apache.org/jira/browse/SOLR-16141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17578860#comment-17578860
]
Sourabh Sarvotham Parkala commented on SOLR-16141:
--------------------------------------------------
[~krisden] The reason my colleague asked about this is to still provide a fix
for BDSA-2022-0608 (CVE-2022-26336).
The affected library is just org.apache.poi:poi-scratchpad:jar:4.1.2
Hence, please let us know if we can just update the
org.apache.poi:poi-scratchpad to 5.2.1? Would this cause regression in
solr-cell 8.11.1? Let us know if it is ok to just update poi-scratchpad to
5.2.1.
Thanks
Sourabh
> Update Apache poi to the version 5.2.1
> --------------------------------------
>
> Key: SOLR-16141
> URL: https://issues.apache.org/jira/browse/SOLR-16141
> Project: Solr
> Issue Type: Wish
> Reporter: Ivan Viaznikov
> Priority: Major
>
> org.apache.solr:solr-cell module uses Apache POI. Apache POI version 5.2.1
> includes several bug fixes, including a resolution for CVE-2022-26336, which
> impacts poi-scratchpad.
> Therefore requesting you to update the version of Apache POI to 5.2.1
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
