Looking at these two CVEs, they both appear to represent the possibility of
browser-level DoS and not any compromise in access to the service. So at
most a person whom you have given access to the admin UI could inhibit
themselves from using that UI, or perhaps send someone else who has access
a link that fails to work because it locks up the browser. Neither of these
scenarios seems sufficient to motivate changes directly. (Of course, I may
have misinterpreted them too; feel free to correct me if that is so.)

Updating the UI is always welcome, however, and if you would like to work
towards it, the project is certainly always happy to have help. It is the
case that most people are interested in Solr for its search technology, so
it's been chronically hard to attract folks that have time to donate to the
project and UI skills.

-Gus

On Wed, Apr 3, 2024 at 1:27 AM Rajasree Jayaram
<rjaya...@opentext.com.invalid> wrote:

> Hi,
> Our product utilizes Apache Solr, and our security scans have identified
> high vulnerabilities in the angular.js files, specifically relating to the
> following CVEs:
>
>   *   CVE-2022-25844
>   *   CVE-2024-21490
> Could you please clarify if transitioning to Angular is included in Solr's
> roadmap? Additionally, do we have a tentative timeline for this transition?
>
> Thank you,
> Rajasree
>


-- 
http://www.needhamsoftware.com (work)
https://a.co/d/b2sZLD9 (my fantasy fiction book)
