Solr shouldn't be affected by CVE-2022-25168 based on the CVE description
here [1]. Solr is only an HDFS client when used in production code. The
Hadoop CVE in question won't be used by Solr code when interacting w/ HDFS
as a client.

[1] https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox

Hello,
Some customers that run security scans have seen issues with the 3.2.2
dependency as well, and asked to solve it. You can do several things:
* not use Solr on HDFS, or Hadoop features, and ignore it
* the same as above but delete the affected JARs
* replace the JARs with their 3.3.3 or 3.3.