[ https://issues.apache.org/jira/browse/SOLR-14603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ishan Chattopadhyaya updated SOLR-14603: ---------------------------------------- Security: Public (was: Private (Security Issue)) > Updating the Restlet Version > ---------------------------- > > Key: SOLR-14603 > URL: https://issues.apache.org/jira/browse/SOLR-14603 > Project: Solr > Issue Type: Task > Security Level: Public(Default Security Level. Issues are Public) > Components: Build, Schema and Analysis > Affects Versions: master (9.0) > Reporter: Marcus Eagan > Priority: Blocker > Fix For: 8.6 > > > There's not a whole lot of risk here because of the limited surface area of > Restlet in the project. [~ichattopadhyaya] even suggested we could remove it, > which I tend to agree with. > I noticed that the Restlet dependency's location was no longer resolving at: > https://repo1.maven.org/maven2/org/restlet/jee/org.restlet/2.4.0/org.restlet-2.4.0.jar. > Now, of course, I could change it to a location that does resolve or download > directly. However, I looking at the changelog I thought that maybe I should > raise with the community that it an upgrade might be helpful given the CVEs. > I will leave it to the experts as to whether it makes a difference, but > here's the changelog for reference. > The Lucene tests passed when I upgraded to 2.4.3 but I'm still digging in. It > is very likely that 2.4.1 would be better. I'd leave that, again, to the > experts and post my findings. > https://github.com/apache/lucene-solr/pull/1622 -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org