[ 
https://issues.apache.org/jira/browse/SOLR-14603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ishan Chattopadhyaya updated SOLR-14603:
----------------------------------------
    Security: Public  (was: Private (Security Issue))

> Updating the Restlet Version
> ----------------------------
>
>                 Key: SOLR-14603
>                 URL: https://issues.apache.org/jira/browse/SOLR-14603
>             Project: Solr
>          Issue Type: Task
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Build, Schema and Analysis
>    Affects Versions: master (9.0)
>            Reporter: Marcus Eagan
>            Priority: Blocker
>             Fix For: 8.6
>
>
> There's not a whole lot of risk here because of the limited surface area of 
> Restlet in the project. [~ichattopadhyaya] even suggested we could remove it, 
> which I tend to agree with.
> I noticed that the Restlet dependency's location was no longer resolving at: 
> https://repo1.maven.org/maven2/org/restlet/jee/org.restlet/2.4.0/org.restlet-2.4.0.jar.
> Now, of course, I could change it to a location that does resolve or download 
> directly. However, I looking at the changelog I thought that maybe I should 
> raise with the community that it an upgrade might be helpful given the CVEs.
> I will leave it to the experts as to whether it makes a difference, but 
> here's the changelog for reference.
> The Lucene tests passed when I upgraded to 2.4.3 but I'm still digging in. It 
> is very likely that 2.4.1 would be better. I'd leave that, again, to the 
> experts and post my findings.
> https://github.com/apache/lucene-solr/pull/1622



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org

Reply via email to