[
https://issues.apache.org/jira/browse/SOLR-14603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ishan Chattopadhyaya updated SOLR-14603:
----------------------------------------
Security: Public (was: Private (Security Issue))
> Updating the Restlet Version
> ----------------------------
>
> Key: SOLR-14603
> URL: https://issues.apache.org/jira/browse/SOLR-14603
> Project: Solr
> Issue Type: Task
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Build, Schema and Analysis
> Affects Versions: master (9.0)
> Reporter: Marcus Eagan
> Priority: Blocker
> Fix For: 8.6
>
>
> There's not a whole lot of risk here because of the limited surface area of
> Restlet in the project. [~ichattopadhyaya] even suggested we could remove it,
> which I tend to agree with.
> I noticed that the Restlet dependency's location was no longer resolving at:
> https://repo1.maven.org/maven2/org/restlet/jee/org.restlet/2.4.0/org.restlet-2.4.0.jar.
> Now, of course, I could change it to a location that does resolve or download
> directly. However, I looking at the changelog I thought that maybe I should
> raise with the community that it an upgrade might be helpful given the CVEs.
> I will leave it to the experts as to whether it makes a difference, but
> here's the changelog for reference.
> The Lucene tests passed when I upgraded to 2.4.3 but I'm still digging in. It
> is very likely that 2.4.1 would be better. I'd leave that, again, to the
> experts and post my findings.
> https://github.com/apache/lucene-solr/pull/1622
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
