[
https://issues.apache.org/jira/browse/SOLR-16141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603111#comment-17603111
]
Uwe Schindler commented on SOLR-16141:
--------------------------------------
In general, CVE or issues in 3rd party components which need manual interaction
to get enabled in Solr will not get security updates automatically. They may
get updated due to normal dependency updates in Solr.
As said before Apache POI is not enabled by default and risk to be affected by
this rare issue in POI is unlikely, so we won't update older versions.
> Update Apache poi to the version 5.2.1
> --------------------------------------
>
> Key: SOLR-16141
> URL: https://issues.apache.org/jira/browse/SOLR-16141
> Project: Solr
> Issue Type: Wish
> Reporter: Ivan Viaznikov
> Priority: Major
>
> org.apache.solr:solr-cell module uses Apache POI. Apache POI version 5.2.1
> includes several bug fixes, including a resolution for CVE-2022-26336, which
> impacts poi-scratchpad.
> Therefore requesting you to update the version of Apache POI to 5.2.1
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
