Hi Octavio, We still support legacy solr versions, specifically for CVE patching. Let me know if you'd like more info about the service. https://kmwllc.com/index.php/our-services/secure-solr/
Best, -Kevin On Tue, Mar 18, 2025 at 5:48 AM Octavio González <ogonza...@emergya.com> wrote: > Hello, > I have been a Solr user for quite some time, but I have never participated > in these mail lists nor contributed to the project, so sorry about that. > In our project, we are using Apache Solr 8.11.3, and we have been told > about some vulnerabilities affecting a library included in this version ( > *Hadoop* v3.2.4): CVE-2024-23454 > <https://nvd.nist.gov/vuln/detail/cve-2024-23454> and EOL > <https://endoflife.date/apache-hadoop>. > We have checked, and the last Solr v8.x version (8.11.4), which solves > other critical vulnerabilities (CVE-2024-45217 > <https://nvd.nist.gov/vuln/detail/CVE-2024-45217>,CVE-2024-45216 > <https://nvd.nist.gov/vuln/detail/CVE-2024-45216>), still uses this > version > of *Hadoop*, but we have not found anything about it in Jira, so we have > downloaded the sources and changed directly the version number on > *./lucene/ivy-versions.properties > *to 3.4.0. After that, we have built the project and deployed it, and > everything seems to be working fine so far. > Could you please consider applying this change for the next Solr 8.x > release? > Thank you very much. > Best, > > Octavio González Luna > > Software Architect > > Tlf.: +34 954 51 75 77 > > > *LEGAL NOTICE* >
