Re: CVE-2022-42889

2024-06-18 Thread Jan Høydahl
Hi,

Please see the security page https://solr.apache.org/security.html#cve-reports-for-apache-solr-dependencies which lists CVEs that are vulnerable. CVE-2022-42889 is listed as "not affected"

> Solr uses commons-text directly (StringEscapeUtils.escapeEcmaScript) in
> LoadAdminUiServlet that

Re: CVE-2022-42889

2022-11-09 Thread Markus Jelsma
Probably, yes. But see: https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools

On Wed, 9 Nov 2022 at 08:17, HariBabu kuruva <hari2708.kur...@gmail.com> wrote:

> Hi All,
>
> We are using solr-8.11.1. Currently we have commons-text-1.6.jar,

Re: CVE-2022-42889

2022-11-08 Thread HariBabu kuruva
Hi All,

We are using solr-8.11.1. Currently we have commons-text-1.6.jar, shall I replace it with commons-text-1.10.0.jar and restart the application? Will that work? Please help.

On Wed, Oct 19, 2022 at 3:28 PM Markus Jelsma wrote:

> Yes, it is already being done:
> https://issues.apache.o

Re: CVE-2022-42889

2022-10-19 Thread Markus Jelsma
Yes, it is already being done: https://issues.apache.org/jira/browse/SOLR-16464

On Wed, 19 Oct 2022 at 05:51, Bierenfeld Michael (BayWa München-Zentrale) wrote:

> Hi,
>
> Solr uses this library in affected versions. Are there any plans for
> updates to apache-commons >= 1.10.0?
>
> Regards