Hi Ng, We maintain a custom build of solr that fixes all of those (and many more) on the 8.11.x branch. Let me know if you're interested and if so perhaps we can set up a time to chat about it. Best Regards, -Kevin Watters KMW Technology
On Mon, Jan 30, 2023 at 2:26 PM Ng Pei Shan <peishan...@websparks.sg> wrote: > Hi there, > > We are using Solr container image for our application. AWS Inspector Scan > has reflected some vulnerabilities on the libraries. > May I know if this is the correct channel to seek help in the resolution > of the below vulnerabilities? > > Container image used: 8.11.2-r0 > Platform: Debian 11 > > Below are the vulnerabilities reflected: > CVE-2022-25168 <https://github.com/advisories/GHSA-8wm5-8h9c-47pc> - > org.apache.hadoop:hadoop-common > CVE-2022-26612 <https://github.com/advisories/GHSA-gx2c-fvhc-ph4j> - > org.apache.hadoop:hadoop-common > CVE-2021-37404 <https://github.com/advisories/GHSA-rmpj-7c96-mrg8> - > org.apache.hadoop:hadoop-common > CVE-2020-10650 <https://github.com/advisories/GHSA-rpr3-cw39-3pxh> - > com.fasterxml.jackson.core:jackson-databind > > Affected library: > hadoop-common-3.2.2.jar > htrace-core4-4.1.0-incubating.jar > > Best Regards, > > <http://www.websparks.sg/> > > *Ng Pei Shan,* > Project Manager > > *Websparks Pte Ltd* > 61 Kaki Bukit Avenue 1, Shun Li Industrial Park #04-08 Singapore 417943 > (O): +65 6292-4654 (M) +65 9710-2851 > http://www.websparks.sg | * - Adding the sparkles to your web presence! > - * > > > > > ------------------------------ > > > > > > "This email is confidential and may be privileged. If you are not the > intended recipient, please delete it and notify us immediately; you should > not copy or use it for any purpose, nor disclose its contents to any other > person. Thank you." > > > ------------------------------ > > "This email is confidential and may be privileged. If you are not the > intended recipient, please delete it and notify us immediately; you should > not copy or use it for any purpose, nor disclose its contents to any other > person. Thank you." >
