This is my monthly reminder to SOLR support groups Please advise if the below listed vulnerabilities have been resolved in higher versions of SOLR Any response to this message will be gratefully received
Thank you Lakshmi Narayanan Marsh & McLennan Companies 121 River Street, Hoboken,NJ-07030 201-284-3345 M: 845-300-3809 Email: lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com> From: Narayanan, Lakshmi <lakshmi.naraya...@mmc.com> Sent: Sunday, August 01, 2021 10:12 PM To: solr-u...@lucene.apache.org; users@solr.apache.org Subject: RE: Vulnerabilities in SOLR 8.8.2 Hello SOLR Support team This is my monthly check on this subject Is someone listening out there to help me with my question below please? Please advise Thank you From: Narayanan, Lakshmi <lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com>> Sent: Monday, July 05, 2021 1:27 PM To: solr-u...@lucene.apache.org<mailto:solr-u...@lucene.apache.org>; users@solr.apache.org<mailto:users@solr.apache.org> Subject: RE: Vulnerabilities in SOLR 8.8.2 Hello SOLR User Support Team Please advise, how to address these vulnerabilities in SOLR package This is preventing us from going live Please advise, if this needs to be sent to any other teams within SOLR user support Thank you Lakshmi Narayanan Marsh & McLennan Companies 121 River Street, Hoboken,NJ-07030 201-284-3345 M: 845-300-3809 Email: lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com> From: Narayanan, Lakshmi <lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com>> Sent: Monday, June 07, 2021 4:28 PM To: solr-u...@lucene.apache.org<mailto:solr-u...@lucene.apache.org>; users@solr.apache.org<mailto:users@solr.apache.org> Subject: RE: Vulnerabilities in SOLR 8.8.2 Sending to users@solr.apache.org<mailto:users@solr.apache.org> Lakshmi Narayanan Marsh & McLennan Companies 121 River Street, Hoboken,NJ-07030 201-284-3345 M: 845-300-3809 Email: lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com> From: Narayanan, Lakshmi <lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com>> Sent: Monday, June 07, 2021 3:28 PM To: solr-u...@lucene.apache.org<mailto:solr-u...@lucene.apache.org> Subject: Vulnerabilities in SOLR 8.8.2 Hello SOLR-User Support team Please advise if there is resolution to the vulnerabilities listed below in SOLR 8.8.2 This is preventing us from using the SOLR product I have tried to contact this mailgroup fro support before; Please advise if there is another mailgroup I can reach for SOLR Support? Thank you Lakshmi Narayanan Marsh & McLennan Companies 121 River Street, Hoboken,NJ-07030 201-284-3345 M: 845-300-3809 Email: lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com> Vulnerability Severity Package Package Version Package Type Package Path URL Fix Stop Grace Period Stop Known Warn VULNDB-180024 High derby 10.9.1.0 java /opt/solr-8.8.2/example/example-DIH/solr/db/lib/derby-10.9.1.0.jar https://mgti-dal-so-sysdig.mrshmc.com:443/secure/#/scanning/vulnerabilities/VULNDB-180024 10.14.2.0 True False False VULNDB-247944 High hadoop 3.2.0 java /opt/solr-8.8.2/server/solr-webapp/webapp/WEB-INF/lib/hadoop-annotations-3.2.0.jar https://mgti-dal-so-sysdig.mrshmc.com:443/secure/#/scanning/vulnerabilities/VULNDB-247944 2.10.1, 3.1.4, 3.2.2, 3.3.0 True False False VULNDB-247944 High hadoop 3.2.0 java /opt/solr-8.8.2/server/solr-webapp/webapp/WEB-INF/lib/hadoop-auth-3.2.0.jar https://mgti-dal-so-sysdig.mrshmc.com:443/secure/#/scanning/vulnerabilities/VULNDB-247944 2.10.1, 3.1.4, 3.2.2, 3.3.0 True False False VULNDB-247944 High hadoop 3.2.0 java /opt/solr-8.8.2/server/solr-webapp/webapp/WEB-INF/lib/hadoop-common-3.2.0.jar https://mgti-dal-so-sysdig.mrshmc.com:443/secure/#/scanning/vulnerabilities/VULNDB-247944 2.10.1, 3.1.4, 3.2.2, 3.3.0 True False False VULNDB-247944 High hadoop 3.2.0 java /opt/solr-8.8.2/server/solr-webapp/webapp/WEB-INF/lib/hadoop-hdfs-client-3.2.0.jar https://mgti-dal-so-sysdig.mrshmc.com:443/secure/#/scanning/vulnerabilities/VULNDB-247944 2.10.1, 3.1.4, 3.2.2, 3.3.0 True False False VULNDB-223108 High jackson-databind 2.4.0 java /opt/solr-8.8.2/server/solr-webapp/webapp/WEB-INF/lib/htrace-core4-4.1.0-incubating.jar:jackson-databind https://mgti-dal-so-sysdig.mrshmc.com:443/secure/#/scanning/vulnerabilities/VULNDB-223108 2.8.11.5, 2.9.10.3 True False False VULNDB-214563 High jackson-databind 2.4.0 java /opt/solr-8.8.2/server/solr-webapp/webapp/WEB-INF/lib/htrace-core4-4.1.0-incubating.jar:jackson-databind https://mgti-dal-so-sysdig.mrshmc.com:443/secure/#/scanning/vulnerabilities/VULNDB-214563 2.10.0, 2.9.10.1 True False False From: Narayanan, Lakshmi <lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com>> Sent: Friday, December 11, 2020 11:50 AM To: solr-u...@lucene.apache.org<mailto:solr-u...@lucene.apache.org> Subject: FW: Vulnerabilities in SOLR 8.6.2 Can anyone please advise? Who else should be notified to get some guidance on this please?? Lakshmi Narayanan Marsh & McLennan Companies 121 River Street, Hoboken,NJ-07030 201-284-3345 M: 845-300-3809 Email: lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com> From: Narayanan, Lakshmi <lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com>> Sent: Friday, November 13, 2020 11:21 AM To: solr-u...@lucene.apache.org<mailto:solr-u...@lucene.apache.org> Subject: FW: Vulnerabilities in SOLR 8.6.2 This is my 5th attempt in the last 60 days Is there anyone looking at these mails? Does anyone care?? :( Lakshmi Narayanan Marsh & McLennan Companies 121 River Street, Hoboken,NJ-07030 201-284-3345 M: 845-300-3809 Email: lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com> From: Narayanan, Lakshmi <lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com>> Sent: Thursday, October 22, 2020 1:06 PM To: solr-u...@lucene.apache.org<mailto:solr-u...@lucene.apache.org> Subject: FW: Vulnerabilities in SOLR 8.6.2 This is my 4th attempt to contact Please advise, if there is a build that fixes these vulnerabilities Lakshmi Narayanan Marsh & McLennan Companies 121 River Street, Hoboken,NJ-07030 201-284-3345 M: 845-300-3809 Email: lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com> From: Narayanan, Lakshmi <lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com>> Sent: Sunday, October 18, 2020 4:01 PM To: solr-u...@lucene.apache.org<mailto:solr-u...@lucene.apache.org> Subject: FW: Vulnerabilities in SOLR 8.6.2 SOLR-User Support team Is there anyone who can answer my question or can point to someone who can help I have not had any response for the past 3 weeks !? Please advise Lakshmi Narayanan Marsh & McLennan Companies 121 River Street, Hoboken,NJ-07030 201-284-3345 M: 845-300-3809 Email: lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com> From: Narayanan, Lakshmi <lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com>> Sent: Sunday, October 04, 2020 2:11 PM To: solr-u...@lucene.apache.org<mailto:solr-u...@lucene.apache.org> Cc: Chattopadhyay, Salil <salil.chattopadh...@mmc.com<mailto:salil.chattopadh...@mmc.com>>; Mutnuri, Vishnu D <vishnu.d.mutn...@mmc.com<mailto:vishnu.d.mutn...@mmc.com>>; Pathak, Omkar <omkar.pat...@mmc.com<mailto:omkar.pat...@mmc.com>>; Shenouda, Nasir B <nasir.b.sheno...@mmc.com<mailto:nasir.b.sheno...@mmc.com>> Subject: RE: Vulnerabilities in SOLR 8.6.2 Hello Solr-User Support team Please advise or provide further guidance on the request below Thank you! Lakshmi Narayanan Marsh & McLennan Companies 121 River Street, Hoboken,NJ-07030 201-284-3345 M: 845-300-3809 Email: lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com> From: Narayanan, Lakshmi <lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com>> Sent: Monday, September 28, 2020 1:52 PM To: solr-u...@lucene.apache.org<mailto:solr-u...@lucene.apache.org> Cc: Chattopadhyay, Salil <salil.chattopadh...@mmc.com<mailto:salil.chattopadh...@mmc.com>>; Mutnuri, Vishnu D <vishnu.d.mutn...@mmc.com<mailto:vishnu.d.mutn...@mmc.com>>; Pathak, Omkar <omkar.pat...@mmc.com<mailto:omkar.pat...@mmc.com>>; Shenouda, Nasir B <nasir.b.sheno...@mmc.com<mailto:nasir.b.sheno...@mmc.com>> Subject: Vulnerabilities in SOLR 8.6.2 Importance: High Hello Solr-User Support team We have installed the SOLR 8.6.2 package into docker container in our DEV environment. Prior to using it, our security team scanned the docker image using SysDig and found a lot of Critical/High/Medium vulnerabilities. The full list is in the attached spreadsheet Scan Summary 30 STOPS 190 WARNS 188 Vulnerabilities Please advise or point us to how/where to get a package that has been patched for the Critical/High/Medium vulnerabilities in the attached spreadsheet Your help will be gratefully received Lakshmi Narayanan Marsh & McLennan Companies 121 River Street, Hoboken,NJ-07030 201-284-3345 M: 845-300-3809 Email: lakshmi.naraya...@mmc.com<mailto:lakshmi.naraya...@mmc.com> ________________________________ ********************************************************************** This e-mail, including any attachments that accompany it, may contain information that is confidential or privileged. This e-mail is intended solely for the use of the individual(s) to whom it was intended to be addressed. If you have received this e-mail and are not an intended recipient, any disclosure, distribution, copying or other use or retention of this email or information contained within it are prohibited. If you have received this email in error, please immediately reply to the sender via e-mail and also permanently delete all copies of the original message together with any of its attachments from your computer or device. **********************************************************************
