Solr shouldn't be affected by CVE-2022-25168 based on the CVE description
here [1]. Solr is only an HDFS client when used in production code. The
Hadoop CVE in question won't be used by Solr code when interacting w/ HDFS
as a client.
[1] https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox

Hello,
Some customers that run security scans have seen issues with the 3.2.2
dependency as well, and asked to solve it. You can do several things:
* not use Solr on HDFS, or Hadoop features, and ignore it
* the same as above but delete the affected JARs
* replace the JARs with their 3.3.3 or 3.3.

Hi,
Our vulnerability scanning tool found a vulnerability from Hadoop in Solr
8.11.2. More specifically, it is introduced through
org.apache.solr:solr-core@8.11.2 › org.apache.hadoop:hadoop-common@3.2.2. The
published vulnerability is listed as CVE-2022-25168:
https://lists.apache.org/thread/m