On 1/11/23 09:44, Wesley Philip wrote:
Hello,
Mend security scan has flagged cxf-core-3.4.3.jar with CVE-2022-46364. I
believe this jar is pulled in as a dependency of Solr 7.3.1. I'm wondering if
Solr is truly vulnerable to this issue.
I don't see any file with "cxf" in its name (checked for it case
insensitive) either in Solr 7.3.1 or Solr built from branch_9x.
I have never heard of CXF before. I am reasonably certain that Solr
does not include it. Where did you hear that Solr uses it?
Thanks,
Shawn
