Hi all,

About a month ago we had a few CVEs get addressed. (Thanks to those
who took care of them.) Those fixes went into the 2.x branch and for
3.0.

At least one of those CVEs affects 1.9.x. Normally, I don't think I
would worry about it, but in this case, Apache Lucene depends on
1.9.x, and Lucene is still doing releases on that version (8.11),
which is used by Solr 8.

What are everyone's thoughts on doing a 1.9.5 release to address, in
particular, OPENNLP-1820
(https://issues.apache.org/jira/browse/OPENNLP-1820) and then making a
PR to get 1.9.5 into Lucene (and then downstream into Solr)?

Thanks,
Jeff
