[
https://issues.apache.org/jira/browse/SOLR-17031?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17777224#comment-17777224
]
Jan Høydahl edited comment on SOLR-17031 at 10/19/23 12:08 PM:
---------------------------------------------------------------
Solr 9.4.0 already has 4.1.99. Feel free to make a PR for doing the same for
8.11.3 in [https://github.com/apache/lucene-solr/tree/branch_8_11]
You'll basically
* Update
[https://github.com/apache/lucene-solr/blob/branch_8_11/lucene/ivy-versions.properties]
* ant clean-jars jar-checksums
was (Author: janhoy):
Solr 9.4.0 already has 4.1.99. Feel free to make a PR for doing the same for
8.11.3 in [https://github.com/apache/lucene-solr/tree/branch_8_11]
> Update netty jars to 4.1.99+ to fix CVE-2023-4586
> -------------------------------------------------
>
> Key: SOLR-17031
> URL: https://issues.apache.org/jira/browse/SOLR-17031
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: 8.11.2
> Reporter: Dhoka Pramod
> Priority: Critical
>
> [https://nvd.nist.gov/vuln/detail/CVE-2023-4586]
> A vulnerability was found in the Hot Rod client. This security issue occurs
> as the Hot Rod client does not enable hostname validation when using TLS,
> possibly resulting in a man-in-the-middle (MITM) attack.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
