Hi,
Please see the security page
https://solr.apache.org/security.html#cve-reports-for-apache-solr-dependencies
which lists CVEs that are vulnerable.
CVE-2022-42889 is listed as "not affected"
> Solr uses commons-text directly (StringEscapeUtils.escapeEcmaScript) in
> LoadAdm
Hi,
I am currently using Solr 8.11.1
My network operations tech sent me information about CVE-2022-42889
NVD - CVE-2022-42889 (nist.gov)<https://nvd.nist.gov/vuln/detail/CVE-2022-42889>
Which basically is saying that Apache Commons Text versions 1.5-1.9 have a
vulnerability
8.11.1 appe
Probably, yes.
But see:
https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools
Op wo 9 nov. 2022 om 08:17 schreef HariBabu kuruva <
hari2708.kur...@gmail.com>:
> Hi All,
>
> We are using solr-8.11.1 , Currently we have commons-text-1.6.jar,
Hi All,
We are using solr-8.11.1 , Currently we have commons-text-1.6.jar, shall i
replace it with commons-text-1.10.0.jar and restart the application? Will
that work ?
Please help.
On Wed, Oct 19, 2022 at 3:28 PM Markus Jelsma
wrote:
> Yes, it is already being done:
> https://issues.apache.o
Yes, it is already being done:
https://issues.apache.org/jira/browse/SOLR-16464
Op wo 19 okt. 2022 om 05:51 schreef Bierenfeld Michael (BayWa
München-Zentrale) :
> Hi,
>
> solr uses this library in affected Versions. Are there any plans for
> Updates to apache-commons >= 1.10.0 ?
>
> Regards
>
>
Hi,
solr uses this library in affected Versions. Are there any plans for Updates to
apache-commons >= 1.10.0 ?
Regards
Michael
