On 9/5/23 23:10, ramkrishna vasudevan wrote:
Now the tools that we run internally flags CVE-2021-44832 <https://nvd.nist.gov/vuln/detail/CVE-2021-44832>.
I did not notice that this was cross-posted to both users and dev. I read dev first, replied, and then saw this message.
This list (users) is the correct list for this. Please do not cross-post to multiple lists. The reason we have multiple lists is because each of them serves a different purpose ... it is VERY rare that a question will be appropriate for more than one list. The dev list is for discussions around developing Solr itself, not for anything on a user install.
You could have sent the message to the security list instead, though an old vulnerability like this is better handled on users. Anyone can send to the security list, but only project PMC members can subscribe to it. The security list is mostly for disclosure of new security problems, so there is a private way of letting the project know about a problem that needs to be fixed before going public.
Thanks, Shawn
