This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/solr-site.git
The following commit(s) were added to refs/heads/asf-staging by this push:
new de6cf3e78 Commit build products
de6cf3e78 is described below
commit de6cf3e783fd077517cb46c10f2797e355138f8d
Author: Build Pelican (action) <[email protected]>
AuthorDate: Tue Jan 20 17:37:35 2026 +0000
Commit build products
---
output/feeds/all.atom.xml | 8 ++++----
output/feeds/solr/security.atom.xml | 8 ++++----
output/news.html | 8 ++++----
output/security.html | 8 ++++----
4 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/output/feeds/all.atom.xml b/output/feeds/all.atom.xml
index 9a0dfec65..eed5e7f05 100644
--- a/output/feeds/all.atom.xml
+++ b/output/feeds/all.atom.xml
@@ -34,8 +34,8 @@ Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on
Solr's "Rule Based
<p><strong>Credit</strong>
monkeontheroof (reporter)</p>
<p><strong>References</strong>
-JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054">SOLR-18054</a>
-CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></p></content><category
term="solr/security"/></entry><entry><title>CVE-2026-22444 - Insufficient
file-access checking in standalone core-creation requests</title><link
href="/cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests.html"
rel="alternate"/><published>2026-01-20T00:00:00+00:00</published><updated>2026-01-20T00:00:00+00:00</updated><author><name>S
[...]
+* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054">SOLR-18054</a>
+* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></p></content><category
term="solr/security"/></entry><entry><title>CVE-2026-22444 - Insufficient
file-access checking in standalone core-creation requests</title><link
href="/cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests.html"
rel="alternate"/><published>2026-01-20T00:00:00+00:00</published><updated>2026-01-20T00:00:00+00:00</updated><author><name
[...]
moderate</p>
<p><strong>Description</strong></p>
<p>The "create core" API of Apache Solr 8.6 through 9.10.0 lacks
sufficient input validation on some API parameters, which can cause Solr to
check the existence of and attempt to read file-system paths that should be
disallowed by Solr's "allowPaths" security setting. These read-only
…</p></summary><content
type="html"><p><strong>Severity</strong>
@@ -53,8 +53,8 @@ moderate</p>
<p><strong>Credit</strong>
Damon Toey (reporter)</p>
<p><strong>References</strong>
-JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18058">SOLR-18058</a>
-CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22444">CVE-2026-22444</a></p></content><category
term="solr/security"/></entry><entry><title>CVE-2025-66516: Apache Solr
extraction module vulnerable to XXE attacks via XFA content in
PDFs</title><link
href="/cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs.html"
rel="alternate"/><published>2025-12-09T00:00:00+00:00</published><updated>2025-12-09T00:00:00+00:00</update
[...]
+* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18058">SOLR-18058</a>
+* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22444">CVE-2026-22444</a></p></content><category
term="solr/security"/></entry><entry><title>CVE-2025-66516: Apache Solr
extraction module vulnerable to XXE attacks via XFA content in
PDFs</title><link
href="/cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs.html"
rel="alternate"/><published>2025-12-09T00:00:00+00:00</published><updated>2025-12-09T00:00:00+00:00</upda
[...]
<p>High</p>
<p><strong>Versions Affected</strong></p>
<ul>
diff --git a/output/feeds/solr/security.atom.xml
b/output/feeds/solr/security.atom.xml
index c8d986f50..197e65fcd 100644
--- a/output/feeds/solr/security.atom.xml
+++ b/output/feeds/solr/security.atom.xml
@@ -18,8 +18,8 @@ Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on
Solr's "Rule Based
<p><strong>Credit</strong>
monkeontheroof (reporter)</p>
<p><strong>References</strong>
-JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054">SOLR-18054</a>
-CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></p></content><category
term="solr/security"/></entry><entry><title>CVE-2026-22444 - Insufficient
file-access checking in standalone core-creation requests</title><link
href="/cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests.html"
rel="alternate"/><published>2026-01-20T00:00:00+00:00</published><updated>2026-01-20T00:00:00+00:00</updated><author><name>S
[...]
+* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054">SOLR-18054</a>
+* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></p></content><category
term="solr/security"/></entry><entry><title>CVE-2026-22444 - Insufficient
file-access checking in standalone core-creation requests</title><link
href="/cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests.html"
rel="alternate"/><published>2026-01-20T00:00:00+00:00</published><updated>2026-01-20T00:00:00+00:00</updated><author><name
[...]
moderate</p>
<p><strong>Description</strong></p>
<p>The "create core" API of Apache Solr 8.6 through 9.10.0 lacks
sufficient input validation on some API parameters, which can cause Solr to
check the existence of and attempt to read file-system paths that should be
disallowed by Solr's "allowPaths" security setting. These read-only
…</p></summary><content
type="html"><p><strong>Severity</strong>
@@ -37,8 +37,8 @@ moderate</p>
<p><strong>Credit</strong>
Damon Toey (reporter)</p>
<p><strong>References</strong>
-JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18058">SOLR-18058</a>
-CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22444">CVE-2026-22444</a></p></content><category
term="solr/security"/></entry><entry><title>CVE-2025-66516: Apache Solr
extraction module vulnerable to XXE attacks via XFA content in
PDFs</title><link
href="/cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs.html"
rel="alternate"/><published>2025-12-09T00:00:00+00:00</published><updated>2025-12-09T00:00:00+00:00</update
[...]
+* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18058">SOLR-18058</a>
+* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22444">CVE-2026-22444</a></p></content><category
term="solr/security"/></entry><entry><title>CVE-2025-66516: Apache Solr
extraction module vulnerable to XXE attacks via XFA content in
PDFs</title><link
href="/cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs.html"
rel="alternate"/><published>2025-12-09T00:00:00+00:00</published><updated>2025-12-09T00:00:00+00:00</upda
[...]
<p>High</p>
<p><strong>Versions Affected</strong></p>
<ul>
diff --git a/output/news.html b/output/news.html
index 95f58a62a..998b97387 100644
--- a/output/news.html
+++ b/output/news.html
@@ -188,8 +188,8 @@ Deployments of Apache Solr 5.3.0 through 9.10.0 that rely
on Solr's "Rule Based
<p><strong>Credit</strong>
monkeontheroof (reporter)</p>
<p><strong>References</strong>
-JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054";>SOLR-18054</a>
-CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022";>CVE-2026-22022</a></p>
+* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054";>SOLR-18054</a>
+* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022";>CVE-2026-22022</a></p>
<h2
id="cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests">20
January 2026, CVE-2026-22444 - Insufficient file-access checking in standalone
core-creation requests
<a class="headerlink"
href="#cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests"
title="Permanent link">¶</a>
</h2>
@@ -208,8 +208,8 @@ moderate</p>
<p><strong>Credit</strong>
Damon Toey (reporter)</p>
<p><strong>References</strong>
-JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18058";>SOLR-18058</a>
-CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22444";>CVE-2026-22444</a></p>
+* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18058";>SOLR-18058</a>
+* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22444";>CVE-2026-22444</a></p>
<h2
id="cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs">9
December 2025, CVE-2025-66516: Apache Solr extraction module vulnerable to XXE
attacks via XFA content in PDFs
<a class="headerlink"
href="#cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs"
title="Permanent link">¶</a>
</h2>
diff --git a/output/security.html b/output/security.html
index 195590ac8..9bae68240 100644
--- a/output/security.html
+++ b/output/security.html
@@ -301,8 +301,8 @@ Deployments of Apache Solr 5.3.0 through 9.10.0 that rely
on Solr's "Rule Based
<p><strong>Credit</strong>
monkeontheroof (reporter)</p>
<p><strong>References</strong>
-JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054";>SOLR-18054</a>
-CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022";>CVE-2026-22022</a></p>
+* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054";>SOLR-18054</a>
+* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022";>CVE-2026-22022</a></p>
<hr/>
<h2
id="cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests">2026-01-20,
CVE-2026-22444 - Insufficient file-access checking in standalone core-creation
requests
<a class="headerlink"
href="#cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests"
title="Permanent link">¶</a>
@@ -322,8 +322,8 @@ moderate</p>
<p><strong>Credit</strong>
Damon Toey (reporter)</p>
<p><strong>References</strong>
-JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18058";>SOLR-18058</a>
-CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22444";>CVE-2026-22444</a></p>
+* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18058";>SOLR-18058</a>
+* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22444";>CVE-2026-22444</a></p>
<hr/>
<h2
id="cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs">2025-12-09,
CVE-2025-66516: Apache Solr extraction module vulnerable to XXE attacks via
XFA content in PDFs
<a class="headerlink"
href="#cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs"
title="Permanent link">¶</a>
