Uwe Schindler created SOLR-5520:
-----------------------------------
Summary: Backport some security fixes from 4.x to 3.6.x branch
Key: SOLR-5520
URL: https://issues.apache.org/jira/browse/SOLR-5520
Project: Solr
Issue Type: Bug
Affects Versions: 3.6.2
Reporter: Uwe Schindler
Assignee: Uwe Schindler
Redhat wants to backport some security fixes we applied in 4.1 and 4.6 to the
Solr tree to 3.6, because their user-base still uses this version. To help them
with backporting across the major API/version changes, we should also do this
on the 3.6 branch.
Redhat already assigned 3 CVE numbers to these issues and take the older issues
seriously, and they will patch older versions and also force users to upgrade.
cf, [CVE-2013-6397|https://access.redhat.com/security/cve/CVE-2013-6397]
(SOLR-4882),
[CVE-2013-6407|https://access.redhat.com/security/cve/CVE-2013-6407]
(SOLR-3895),
[CVE-2013-6408|https://access.redhat.com/security/cve/CVE-2013-6408]
(SOLR-4881).
To fully fix, we might need to backport more patches. I will take care of this.
This issue may be useful, if we release a 3.6.3 package.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
