[
https://issues.apache.org/jira/browse/SOLR-17899?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexander Veit updated SOLR-17899:
----------------------------------
Description:
{{org.bouncycastle:bcprov-jdk15on:1.70}} (Dec 2021) which is included in Solr
9.9.0 comes with four CVEs:
* [https://nvd.nist.gov/vuln/detail/CVE-2024-30171]
* [https://nvd.nist.gov/vuln/detail/CVE-2024-30172]
* [https://nvd.nist.gov/vuln/detail/CVE-2024-29857]
* [https://nvd.nist.gov/vuln/detail/CVE-2023-33201]
Possible solution: Upgrade to the latest
{{{}org.bouncycastle:bcprov-jdk18on{}}}.
was:
{{org.bouncycastle:bcprov-jdk15on:1.70}} (Dec 2021) which is included in Solr
9.9.0 comes with four CVEs:
* [https://nvd.nist.gov/vuln/detail/CVE-2024-30171]
* [https://nvd.nist.gov/vuln/detail/CVE-2024-30172]
* [https://nvd.nist.gov/vuln/detail/CVE-2024-29857]
* [https://nvd.nist.gov/vuln/detail/CVE-2023-33201]
> CVE-2024-30171, CVE-2024-30172, CVE-2024-29857, CVE-2023-33201 :
> vulnerabilities in Bouncy Castle provider 1.70 dependency
> --------------------------------------------------------------------------------------------------------------------------
>
> Key: SOLR-17899
> URL: https://issues.apache.org/jira/browse/SOLR-17899
> Project: Solr
> Issue Type: Bug
> Affects Versions: 9.9.0
> Reporter: Alexander Veit
> Priority: Major
> Labels: security
>
> {{org.bouncycastle:bcprov-jdk15on:1.70}} (Dec 2021) which is included in Solr
> 9.9.0 comes with four CVEs:
> * [https://nvd.nist.gov/vuln/detail/CVE-2024-30171]
> * [https://nvd.nist.gov/vuln/detail/CVE-2024-30172]
> * [https://nvd.nist.gov/vuln/detail/CVE-2024-29857]
> * [https://nvd.nist.gov/vuln/detail/CVE-2023-33201]
> Possible solution: Upgrade to the latest
> {{{}org.bouncycastle:bcprov-jdk18on{}}}.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
