Thanks a lot Shawn. I do apologize for cross posting it though. Sometimes dev community and the PMCs are more closer to the security items hence I did send to both. But i totally agree with you. Next time will send it to security@ mailing list.
But your answer to this was very useful to us. Regards Ram On Thu, Sep 7, 2023 at 4:49 AM Shawn Heisey <apa...@elyograg.org> wrote: > On 9/5/23 23:10, ramkrishna vasudevan wrote: > > Now the tools that we run internally flags CVE-2021-44832 > > <https://nvd.nist.gov/vuln/detail/CVE-2021-44832>. > > I did not notice that this was cross-posted to both users and dev. I > read dev first, replied, and then saw this message. > > This list (users) is the correct list for this. Please do not > cross-post to multiple lists. The reason we have multiple lists is > because each of them serves a different purpose ... it is VERY rare that > a question will be appropriate for more than one list. The dev list is > for discussions around developing Solr itself, not for anything on a > user install. > > You could have sent the message to the security list instead, though an > old vulnerability like this is better handled on users. Anyone can send > to the security list, but only project PMC members can subscribe to it. > The security list is mostly for disclosure of new security problems, so > there is a private way of letting the project know about a problem that > needs to be fixed before going public. > > Thanks, > Shawn > >
