Hello Praveen, IIRC this jar is used only by Tika (Solr Cell) module which is disabled by default. So, it's up to user to turn on this vulnerability.
On Mon, Jan 8, 2024 at 9:55 AM Praveen Kamath <praveen.kam...@acquia.com> wrote: > Hey Team, > > Greetings for the day. This is Praveen from Acquia - one of your Solr > customers. > We recently ran an ORCA scan on our solr instances and got to know of > several vulnerabilities in Lucene 8.11.2. I couldn't find any tickets > regarding vulnerability reported in bcprov-jdk15on-1.69.jar (1.69): > org.bouncycastle:bcprov-jdk15on library in your issue tracker > <https://issues.apache.org/jira/>. > I want to raise a ticket for this. Kindly help me with the process to do > so. > > Thanks and regards, > Praveen Kamath > Staff Engineer, Acquia > -- Sincerely yours Mikhail Khludnev
