There's this one I would like to include: https://github.com/apache/solr/pull/1245 It's almost ready! -------------------------- *Alessandro Benedetti* Director @ Sease Ltd. *Apache Lucene/Solr Committer* *Apache Solr PMC Member*
e-mail: a.benede...@sease.io *Sease* - Information Retrieval Applied Consulting | Training | Open Source Website: Sease.io <http://sease.io/> LinkedIn <https://linkedin.com/company/sease-ltd> | Twitter <https://twitter.com/seaseltd> | Youtube <https://www.youtube.com/channel/UCDx86ZKLYNpI3gzMercM7BQ> | Github <https://github.com/seaseltd> On Tue, 27 Dec 2022 at 06:38, David Smiley <dsmi...@apache.org> wrote: > More specifically: > SOLR-16443: Upgrade Jackson bom to 2.13.4.20221013 (#1106) > SOLR-16568: Update FasterXML Woodstox to 6.4.0 (#1209) > I will push those cherry-picks tonight after my local build succeeds. > > And I created a new JIRA issue for Protobuf: > https://issues.apache.org/jira/browse/SOLR-16598 which should be trivial. > Interestingly we're at a good version on main & branch_9x but it was > accidental / indirect. It's not appropriate to cherry pick the accidental / > indirect changes that lead to the CVE fix, as I think we're likely to > remedy that specific circumstance, thus going back to a vulnerable version > in main. > > ~ David Smiley > Apache Lucene/Solr Search Developer > http://www.linkedin.com/in/davidwsmiley > > > On Fri, Dec 23, 2022 at 8:16 AM David Smiley <dsmi...@apache.org> wrote: > > > Thanks for volunteering! > > > > I'd like to propose that the upgrades to dependencies due to CVEs be > > back-ported to 9.1.1. I can help with this. One example I see is > > woodstox-core. > > > > ~ David Smiley > > Apache Lucene/Solr Search Developer > > http://www.linkedin.com/in/davidwsmiley > > > > > > On Thu, Dec 22, 2022 at 9:45 AM Michael Gibney < > mich...@michaelgibney.net> > > wrote: > > > >> I'd like to get the ball rolling on a 9.1.1 bugfix release, and > >> volunteer to be release manager. There aren't very many bugfixes > >> accumulated since 9.1.0 on `branch_9_1`, but SOLR-16585 in particular > >> (NPE on MatchAllDocs pagination) should be fixed asap. > >> > >> I'm thinking to build a release candidate as early as possible in the > new > >> year. > >> > >> Are there any outstanding bugfixes that anyone would like to backport > >> to `branch_9_1` before preparing the release? > >> > >> Michael > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: dev-unsubscr...@solr.apache.org > >> For additional commands, e-mail: dev-h...@solr.apache.org > >> > >> >