Hey Eric, I'll refer you to our "security@" mailing list for specifics, but in general there have been a handful of reports on our "security@" mailing list that relate to the "Solr MCP" project.
I guess those have been relatively low-priority up to this point since the "Solr MCP" project doesn't have any releases. But if you're starting to consider an RC for Solr MCP 1.0, we probably need to triage those reports. Maybe they'll end up being false-alarms, but it'll be hard for folks to vote positively on an RC if there are security questions that haven't even been investigated yet. Just a heads up / my 2c. Best, Jason On Thu, Apr 23, 2026 at 3:39 PM David Eric Pugh via dev <[email protected]> wrote: > > Hi all, > Aditya and I are going to try and navigate using the Apache Trusted Release > process to get a candidate 1.0 release of the Solr MCP project. We're > getting some handholding tomorrow (Friday April 24) at 11 AM EST from some of > the ASF Infra people (including the all important, how do I sign this thing?). > I will post the zoom link in our slack channels if anyone wants to join and > see how things go. > If all goes well, you should see some emails about the release candidate. > We still have some work to do on refactoring the documentation, but we have > the candidate website ready to go once there is something to point to! > I didn't want to surprise anyone. > Eric --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
