[
https://issues.apache.org/jira/browse/SOLR-17901?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18044632#comment-18044632
]
Jan Høydahl commented on SOLR-17901:
------------------------------------
I have an evil plan (see dev@ list) to kill the entire Tika1 support
prematurlely already in Solr 9.11, simply because we cannot continue releasing
such old code with known vulnerabilities. It will be a back-compat break, but
we have not choice. Someone could step up to do some other "local" tika parsing
solution that is compatible with today's "local" backend, but as "local" mode
was deprecated in 9.10 and there is an almost compatible solution in
"tikaserver" backend, the disadvantage for the community in killing "local" in
9.11 is acceptable. For those stupid enough to not read release notes before
upgrading, and not upgrade first in a test environment :) they will get an
error message about TikaServer not configured, and then they will have to
deploy TikaServer somewhere somehow and provide its url.
> CVE-2024-21742: vulnerability in apache-mime4j-core 0.8.4 dependency
> --------------------------------------------------------------------
>
> Key: SOLR-17901
> URL: https://issues.apache.org/jira/browse/SOLR-17901
> Project: Solr
> Issue Type: Bug
> Affects Versions: 9.9.0
> Reporter: Alexander Veit
> Priority: Major
> Labels: security
>
> {{org.apache.james:apache-mime4j-core:0.8.4}} (Apr 2021) which is included in
> Solr 9.9.0 comes with CVE-2024-21742 (Score 5.3).
> https://nvd.nist.gov/vuln/detail/CVE-2024-21742
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
