+1, thanks Ignacio. I merged the fix for LUCENE-9300 <https://issues.apache.org/jira/browse/LUCENE-9300> and backported to the 8.5 branch.
Le jeu. 2 avr. 2020 à 21:48, Adrien Grand <jpou...@gmail.com> a écrit : > My general take on this is that it's ok to upgrade a dependency in a patch > release if the dependency upgrade itself is a new patch release of the same > minor version. The changelog of Tika 1.24 seems to include not only bug > fixes but also some enhancements[1], so I'd rather do a 8.6 release in the > near future than backport this dependency upgrade to 8.5. > > [1] https://tika.apache.org/1.24/index.html > > On Thu, Apr 2, 2020 at 9:33 PM Cassandra Targett <casstarg...@gmail.com> > wrote: > >> Should we consider backporting SOLR-14367 (the most recent Tika upgrade)? >> It addresses a CVE in Tika, and while I think we usually avoid changing 3rd >> party component versions in patch releases, but maybe we should in this >> case? The upgrade also looks like it was pretty straightforward (drop-in >> replacement). >> >> Cassandra >> On Apr 2, 2020, 12:47 PM -0500, Ignacio Vera <iver...@gmail.com>, wrote: >> >> Hi, >> >> I propose a quick 8.5.1 bugfix release and I volunteer as RM. The main >> motivation for this release is LUCENE-9300 where Jim addressed a serious >> bug that can lead to data corruption when merging indices via IW#addIndices. >> >> If there are no objections I am planning to create a RC early next week. >> >> Best regards, >> >> Ignacio >> >> >> >> > > -- > Adrien >