[
https://issues.apache.org/jira/browse/SOLR-17901?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18044632#comment-18044632
]
Jan Høydahl edited comment on SOLR-17901 at 12/12/25 9:31 AM:
--------------------------------------------------------------
I have an evil plan (see dev@ list) to kill the entire Tika1 support
prematurely already in Solr 9.11, simply because we cannot continue releasing
such old code with known vulnerabilities. It will be a back-compat break, but
we have no choice. Someone could step up to do some other "local" tika parsing
solution that is compatible with today's "local" backend, but as "local" mode
was deprecated in 9.10 and there is an almost compatible solution in
"tikaserver" backend, the disadvantage for the community in killing "local" in
9.11 is acceptable. For those stupid enough to not read release notes before
upgrading, and not upgrade first in a test environment :) they will get an
error message about TikaServer not configured, and then they will have to
deploy TikaServer somewhere somehow and provide its url.
I.e. we can close all these already after release of 9.11, when we'll have no
supported version of Solr with these problems.
was (Author: janhoy):
I have an evil plan (see dev@ list) to kill the entire Tika1 support
prematurely already in Solr 9.11, simply because we cannot continue releasing
such old code with known vulnerabilities. It will be a back-compat break, but
we have no choice. Someone could step up to do some other "local" tika parsing
solution that is compatible with today's "local" backend, but as "local" mode
was deprecated in 9.10 and there is an almost compatible solution in
"tikaserver" backend, the disadvantage for the community in killing "local" in
9.11 is acceptable. For those stupid enough to not read release notes before
upgrading, and not upgrade first in a test environment :) they will get an
error message about TikaServer not configured, and then they will have to
deploy TikaServer somewhere somehow and provide its url.
> CVE-2024-21742: vulnerability in apache-mime4j-core 0.8.4 dependency
> --------------------------------------------------------------------
>
> Key: SOLR-17901
> URL: https://issues.apache.org/jira/browse/SOLR-17901
> Project: Solr
> Issue Type: Bug
> Affects Versions: 9.9.0
> Reporter: Alexander Veit
> Priority: Major
> Labels: security
>
> {{org.apache.james:apache-mime4j-core:0.8.4}} (Apr 2021) which is included in
> Solr 9.9.0 comes with CVE-2024-21742 (Score 5.3).
> https://nvd.nist.gov/vuln/detail/CVE-2024-21742