[
https://issues.apache.org/jira/browse/SOLR-17901?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18044730#comment-18044730
]
Jan Høydahl commented on SOLR-17901:
------------------------------------
We don’t want all those old rika-parser dependencies in our release tar. It
causes solr being tagged as vulnerable, and theoretically a tika jar could be
exploited in the future even if not on the class path.. We cannot ship anything
with known CVEs.
> CVE-2024-21742: vulnerability in apache-mime4j-core 0.8.4 dependency
> --------------------------------------------------------------------
>
> Key: SOLR-17901
> URL: https://issues.apache.org/jira/browse/SOLR-17901
> Project: Solr
> Issue Type: Bug
> Affects Versions: 9.9.0
> Reporter: Alexander Veit
> Priority: Major
> Labels: security
>
> {{org.apache.james:apache-mime4j-core:0.8.4}} (Apr 2021) which is included in
> Solr 9.9.0 comes with CVE-2024-21742 (Score 5.3).
> https://nvd.nist.gov/vuln/detail/CVE-2024-21742
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
