Thank you so much for your detailed explanation.
Upon further investigation, I’ve tracked down the root of the vulnerability.
{
"type": "jar",
"name": "net.minidev_json-smart",
"version": "1.3.2",
"path":
"/opt/solr-9.5.0/modules/hdfs/lib/hadoop-client-runtime-3.3.
On 2/13/2024 10:06, Shahryar Shagoshtasbi wrote:
> Thank you for your prompt response.
> Our scans have detected these CVEs in 9.1 and higher (At least the one we have
> tested).
> I’d highly appreciate if you could link me to the appropriate changelog for
> these changes.
Solr 8.11.3 was announced onl
Not vulnerable since 9.3. Newest is 9.5. Changelog on Solr website and in
GitHub. Always check newest version before filing a bug/mail. 9.x versions
prior to 9.5 will not receive bug fixes.
Jan Høydahl
> On 13 Feb 2024 at 18:07, Shahryar Shagoshtasbi wrote:
>
> Hi there,
>
> Thank you for
Hi there,
Thank you for your prompt response.
Our scans have detected these CVEs in 9.1 and higher (At least the one we have
tested).
I’d highly appreciate if you could link me to the appropriate changelog for
these changes.
Thanks.
On 2024/02/13 16:55:24 Jan Høydahl wrote:
> Hi Shahryar,
>
Hi Shahryar,
You do not specify what versions of Solr you believe to be vulnerable to those
two CVEs.
A quick check finds that they are both already plugged in all actively
supported versions of Solr (i.e. 9.x and 8.11.x).
In the future you can check this yourself by looking at Solr's chan