[
https://issues.apache.org/jira/browse/SOLR-17901?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18044535#comment-18044535
]
Jan Høydahl commented on SOLR-17901:
------------------------------------
When posting a report, please explain whether and how you mean Solr is
vulnerable, and what risk users run if they don't upgrade. Just a report with a
link to nvd is normally not very helpful.
Even better, if you have ability to help get us away from Tika 1.x in Solr 9.x,
then that would be appreciated. Tika-pipes has been proposed as a local
alternative.
> CVE-2024-21742: vulnerability in apache-mime4j-core 0.8.4 dependency
> --------------------------------------------------------------------
>
> Key: SOLR-17901
> URL: https://issues.apache.org/jira/browse/SOLR-17901
> Project: Solr
> Issue Type: Bug
> Affects Versions: 9.9.0
> Reporter: Alexander Veit
> Priority: Major
> Labels: security
>
> {{org.apache.james:apache-mime4j-core:0.8.4}} (Apr 2021) which is included in
> Solr 9.9.0 comes with CVE-2024-21742 (Score 5.3).
> https://nvd.nist.gov/vuln/detail/CVE-2024-21742
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
