This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/solr-site.git
The following commit(s) were added to refs/heads/asf-staging by this push:
new 208500346 Commit build products
208500346 is described below
commit 2085003461ab7def6039b5024e42f495c99b834b
Author: Build Pelican (action) <[email protected]>
AuthorDate: Tue Jan 20 17:45:00 2026 +0000
Commit build products
---
output/feeds/all.atom.xml | 16 ++++++++++------
output/feeds/solr/security.atom.xml | 16 ++++++++++------
output/news.html | 16 ++++++++++------
output/security.html | 16 ++++++++++------
4 files changed, 40 insertions(+), 24 deletions(-)
diff --git a/output/feeds/all.atom.xml b/output/feeds/all.atom.xml
index db5b31081..75a261dcb 100644
--- a/output/feeds/all.atom.xml
+++ b/output/feeds/all.atom.xml
@@ -33,9 +33,11 @@ Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on
Solr's "Rule Based
<p>Users can mitigate this vulnerability by ensuring that their
RuleBasedAuthorizationPlugin configuration specifies the "all" pre-defined
permission and associates the permission with an "admin" or other privileged
role. Users can also upgrade to a Solr version outside of the impacted range,
such as the recently released Solr 9.10.1.</p>
<p><strong>Credit</strong>
monkeontheroof (reporter)</p>
-<p><strong>References</strong>
-* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054">SOLR-18054</a>
-* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></p></content><category
term="solr/security"/></entry><entry><title>CVE-2026-22444: Insufficient
file-access checking in standalone core-creation requests</title><link
href="/cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests.html"
rel="alternate"/><published>2026-01-20T00:00:00+00:00</published><updated>2026-01-20T00:00:00+00:00</updated><author><name>
[...]
+<p><strong>References</strong></p>
+<ul>
+<li>JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054">SOLR-18054</a></li>
+<li>CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></li>
+</ul></content><category
term="solr/security"/></entry><entry><title>CVE-2026-22444: Insufficient
file-access checking in standalone core-creation requests</title><link
href="/cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests.html"
rel="alternate"/><published>2026-01-20T00:00:00+00:00</published><updated>2026-01-20T00:00:00+00:00</updated><author><name>Solr
Developers</name></author><id>tag:None,2026-01-20:/cve-2026-22444-insufficient-file-access
[...]
moderate</p>
<p><strong>Description</strong></p>
<p>The "create core" API of Apache Solr 8.6 through 9.10.0 lacks
sufficient input validation on some API parameters, which can cause Solr to
check the existence of and attempt to read file-system paths that should be
disallowed by Solr's "allowPaths" security setting. These read-only
…</p></summary><content
type="html"><p><strong>Severity</strong>
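Review bot: The entry id visible on the rewritten line reads `tag:None,2026-01-20:/cve-2026-22444-insufficient-file-access`, so the tag authority is the literal string "None" on both the removed and the added side. That suggests no site host was available when the feed ids were generated; it is worth setting one in the build configuration. Subscribers have already seen the None-based ids, so changing them will make feed readers show the advisories as new entries. Make that change deliberately and not as a side effect of another build.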
@@ -52,9 +54,11 @@ moderate</p>
<p>Users can mitigate this by enabling Solr's
RuleBasedAuthorizationPlugin (if disabled) and configuring a permission-list
that prevents untrusted users from creating new Solr cores. Users should also
upgrade to Apache Solr 9.10.1 or greater, which contain fixes for this
issue.</p>
<p><strong>Credit</strong>
Damon Toey (reporter)</p>
-<p><strong>References</strong>
-* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18058">SOLR-18058</a>
-* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22444">CVE-2026-22444</a></p></content><category
term="solr/security"/></entry><entry><title>CVE-2025-66516: Apache Solr
extraction module vulnerable to XXE attacks via XFA content in
PDFs</title><link
href="/cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs.html"
rel="alternate"/><published>2025-12-09T00:00:00+00:00</published><updated>2025-12-09T00:00:00+00:00</upda
[...]
+<p><strong>References</strong></p>
+<ul>
+<li>JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18058">SOLR-18058</a></li>
+<li>CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22444">CVE-2026-22444</a></li>
+</ul></content><category
term="solr/security"/></entry><entry><title>CVE-2025-66516: Apache Solr
extraction module vulnerable to XXE attacks via XFA content in
PDFs</title><link
href="/cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs.html"
rel="alternate"/><published>2025-12-09T00:00:00+00:00</published><updated>2025-12-09T00:00:00+00:00</updated><author><name>Solr
Developers</name></author><id>tag:None,2025-12-09:/cve-2025-66516-apache [...]
<p>High</p>
<p><strong>Versions Affected</strong></p>
<ul>
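Review bot: Severity values are capitalised inconsistently between adjacent advisories in this hunk: the hunk header context shows `moderate</p>` for CVE-2026-22444, while the trailing context shows `<p>High</p>` for CVE-2025-66516. Settle on one form in the source articles so that anything filtering or grouping feed entries by the severity text does not have to case-fold.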
diff --git a/output/feeds/solr/security.atom.xml
b/output/feeds/solr/security.atom.xml
index ed4fb8019..b19605241 100644
--- a/output/feeds/solr/security.atom.xml
+++ b/output/feeds/solr/security.atom.xml
@@ -17,9 +17,11 @@ Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on
Solr's "Rule Based
<p>Users can mitigate this vulnerability by ensuring that their
RuleBasedAuthorizationPlugin configuration specifies the "all" pre-defined
permission and associates the permission with an "admin" or other privileged
role. Users can also upgrade to a Solr version outside of the impacted range,
such as the recently released Solr 9.10.1.</p>
<p><strong>Credit</strong>
monkeontheroof (reporter)</p>
-<p><strong>References</strong>
-* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054">SOLR-18054</a>
-* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></p></content><category
term="solr/security"/></entry><entry><title>CVE-2026-22444: Insufficient
file-access checking in standalone core-creation requests</title><link
href="/cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests.html"
rel="alternate"/><published>2026-01-20T00:00:00+00:00</published><updated>2026-01-20T00:00:00+00:00</updated><author><name>
[...]
+<p><strong>References</strong></p>
+<ul>
+<li>JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054">SOLR-18054</a></li>
+<li>CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></li>
+</ul></content><category
term="solr/security"/></entry><entry><title>CVE-2026-22444: Insufficient
file-access checking in standalone core-creation requests</title><link
href="/cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests.html"
rel="alternate"/><published>2026-01-20T00:00:00+00:00</published><updated>2026-01-20T00:00:00+00:00</updated><author><name>Solr
Developers</name></author><id>tag:None,2026-01-20:/cve-2026-22444-insufficient-file-access
[...]
moderate</p>
<p><strong>Description</strong></p>
<p>The "create core" API of Apache Solr 8.6 through 9.10.0 lacks
sufficient input validation on some API parameters, which can cause Solr to
check the existence of and attempt to read file-system paths that should be
disallowed by Solr's "allowPaths" security setting. These read-only
…</p></summary><content
type="html"><p><strong>Severity</strong>
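Review bot: The other label-and-value blocks in this hunk still lack the paragraph break that is being added for References. `<p><strong>Credit</strong>` is followed by `monkeontheroof (reporter)</p>` inside the same paragraph, and the last line of the hunk opens `<p><strong>Severity</strong>` without closing it before the value. Separate each label from its value in the source articles so that all sections of the advisory are marked up the same way.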
@@ -36,9 +38,11 @@ moderate</p>
<p>Users can mitigate this by enabling Solr's
RuleBasedAuthorizationPlugin (if disabled) and configuring a permission-list
that prevents untrusted users from creating new Solr cores. Users should also
upgrade to Apache Solr 9.10.1 or greater, which contain fixes for this
issue.</p>
<p><strong>Credit</strong>
Damon Toey (reporter)</p>
-<p><strong>References</strong>
-* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18058">SOLR-18058</a>
-* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22444">CVE-2026-22444</a></p></content><category
term="solr/security"/></entry><entry><title>CVE-2025-66516: Apache Solr
extraction module vulnerable to XXE attacks via XFA content in
PDFs</title><link
href="/cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs.html"
rel="alternate"/><published>2025-12-09T00:00:00+00:00</published><updated>2025-12-09T00:00:00+00:00</upda
[...]
+<p><strong>References</strong></p>
+<ul>
+<li>JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18058">SOLR-18058</a></li>
+<li>CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22444">CVE-2026-22444</a></li>
+</ul></content><category
term="solr/security"/></entry><entry><title>CVE-2025-66516: Apache Solr
extraction module vulnerable to XXE attacks via XFA content in
PDFs</title><link
href="/cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs.html"
rel="alternate"/><published>2025-12-09T00:00:00+00:00</published><updated>2025-12-09T00:00:00+00:00</updated><author><name>Solr
Developers</name></author><id>tag:None,2025-12-09:/cve-2025-66516-apache [...]
<p>High</p>
<p><strong>Versions Affected</strong></p>
<ul>
diff --git a/output/news.html b/output/news.html
index 77b62d141..d6927dd2f 100644
--- a/output/news.html
+++ b/output/news.html
@@ -187,9 +187,11 @@ Deployments of Apache Solr 5.3.0 through 9.10.0 that rely
on Solr's "Rule Based
<p>Users can mitigate this vulnerability by ensuring that their
RuleBasedAuthorizationPlugin configuration specifies the "all" pre-defined
permission and associates the permission with an "admin" or other privileged
role. Users can also upgrade to a Solr version outside of the impacted range,
such as the recently released Solr 9.10.1.</p>
<p><strong>Credit</strong>
monkeontheroof (reporter)</p>
-<p><strong>References</strong>
-* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054">SOLR-18054</a>
-* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></p>
+<p><strong>References</strong></p>
+<ul>
+<li>JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054">SOLR-18054</a></li>
+<li>CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></li>
+</ul>
<h2
id="cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests">20
January 2026, CVE-2026-22444: Insufficient file-access checking in standalone
core-creation requests
<a class="headerlink"
href="#cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests"
title="Permanent link">¶</a>
</h2>
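Review bot: The rebuilt References list still links only to the JIRA issue and the CVE record, while the mitigation paragraph in the context above depends on the reader knowing how to declare the "all" pre-defined permission and bind it to a privileged role. Consider a third `<li>` in the source article pointing to the RuleBasedAuthorizationPlugin documentation, so administrators can check their configuration against it from the advisory itself.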
@@ -207,9 +209,11 @@ moderate</p>
<p>Users can mitigate this by enabling Solr's RuleBasedAuthorizationPlugin (if
disabled) and configuring a permission-list that prevents untrusted users from
creating new Solr cores. Users should also upgrade to Apache Solr 9.10.1 or
greater, which contain fixes for this issue.</p>
<p><strong>Credit</strong>
Damon Toey (reporter)</p>
-<p><strong>References</strong>
-* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18058">SOLR-18058</a>
-* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22444">CVE-2026-22444</a></p>
+<p><strong>References</strong></p>
+<ul>
+<li>JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18058">SOLR-18058</a></li>
+<li>CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22444">CVE-2026-22444</a></li>
+</ul>
<h2
id="cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs">9
December 2025, CVE-2025-66516: Apache Solr extraction module vulnerable to XXE
attacks via XFA content in PDFs
<a class="headerlink"
href="#cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs"
title="Permanent link">¶</a>
</h2>
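Review bot: Grammar in the mitigation sentence carried in this hunk's context: "Apache Solr 9.10.1 or greater, which contain fixes for this issue" should read "which contains fixes". The same sentence appears in all four generated files, so correct it once in the source article, not in the build output.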
diff --git a/output/security.html b/output/security.html
index d669fd570..c88116848 100644
--- a/output/security.html
+++ b/output/security.html
@@ -300,9 +300,11 @@ Deployments of Apache Solr 5.3.0 through 9.10.0 that rely
on Solr's "Rule Based
<p>Users can mitigate this vulnerability by ensuring that their
RuleBasedAuthorizationPlugin configuration specifies the "all" pre-defined
permission and associates the permission with an "admin" or other privileged
role. Users can also upgrade to a Solr version outside of the impacted range,
such as the recently released Solr 9.10.1.</p>
<p><strong>Credit</strong>
monkeontheroof (reporter)</p>
-<p><strong>References</strong>
-* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054">SOLR-18054</a>
-* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></p>
+<p><strong>References</strong></p>
+<ul>
+<li>JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054">SOLR-18054</a></li>
+<li>CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></li>
+</ul>
<hr/>
<h2
id="cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests">2026-01-20,
CVE-2026-22444: Insufficient file-access checking in standalone core-creation
requests
<a class="headerlink"
href="#cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests"
title="Permanent link">¶</a>
@@ -321,9 +323,11 @@ moderate</p>
<p>Users can mitigate this by enabling Solr's RuleBasedAuthorizationPlugin (if
disabled) and configuring a permission-list that prevents untrusted users from
creating new Solr cores. Users should also upgrade to Apache Solr 9.10.1 or
greater, which contain fixes for this issue.</p>
<p><strong>Credit</strong>
Damon Toey (reporter)</p>
-<p><strong>References</strong>
-* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18058">SOLR-18058</a>
-* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22444">CVE-2026-22444</a></p>
+<p><strong>References</strong></p>
+<ul>
+<li>JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18058">SOLR-18058</a></li>
+<li>CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22444">CVE-2026-22444</a></li>
+</ul>
<hr/>
<h2
id="cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs">2025-12-09,
CVE-2025-66516: Apache Solr extraction module vulnerable to XXE attacks via
XFA content in PDFs
<a class="headerlink"
href="#cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs"
title="Permanent link">¶</a>
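Review bot: The mitigation text in this hunk's context tells users to configure "a permission-list that prevents untrusted users from creating new Solr cores" but does not say which permission governs core creation. Naming that permission in the source article would let administrators verify their authorization configuration directly from the advisory, without having to work it out from the JIRA issue.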