Hi, Please see https://solr.apache.org/security.html for how to handle potential security issues responsibly. From time to time we upgrade our Jetty dependencies, so feel free to file a public JIRA to upgrade Jetty in next release. Normally you'd not be vulnerable to this DoS attach since you would of course not expose the Solr servers to the internet or other hostile networks...
Jan > 10. mar. 2021 kl. 22:12 skrev Steven White <[email protected]>: > > Hi everyone, > > Sorry for the double post, as I posted this on the Solr mailing list too. > > Does anyone know if CVE-2020-27223 [1] impacts Solr? This is a vulnerability > in jetty-http-9.4.27.v20200227.jar which we ship with Solr 8.6.1. > > Thanks, > > Steven > > [1] https://nvd.nist.gov/vuln/detail/CVE-2020-27223 > <https://nvd.nist.gov/vuln/detail/CVE-2020-27223>
