[jira] [Commented] (SOLR-14603) Updating the Restlet Version

Mon, 06 Jul 2020 03:18:20 -0700 


    [ 
https://issues.apache.org/jira/browse/SOLR-14603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151933#comment-17151933
 ] 

ASF subversion and git services commented on SOLR-14603:
--------------------------------------------------------

Commit df3bc4288c0096c1de37e356086a8576f6510f16 in lucene-solr's branch 
refs/heads/jira/SOLR-14354 from Ishan Chattopadhyaya
[ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=df3bc42 ]

SOLR-14603: Upgrade Restlet to 2.4.3


> Updating the Restlet Version
> ----------------------------
>
>                 Key: SOLR-14603
>                 URL: https://issues.apache.org/jira/browse/SOLR-14603
>             Project: Solr
>          Issue Type: Task
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Build, Schema and Analysis
>    Affects Versions: master (9.0)
>            Reporter: Marcus Eagan
>            Assignee: Ishan Chattopadhyaya
>            Priority: Blocker
>             Fix For: 8.6
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> There's not a whole lot of risk here because of the limited surface area of 
> Restlet in the project. [~ichattopadhyaya] even suggested we could remove it, 
> which I tend to agree with.
> I noticed that the Restlet dependency's location was no longer resolving at: 
> https://repo1.maven.org/maven2/org/restlet/jee/org.restlet/2.4.0/org.restlet-2.4.0.jar.
> Now, of course, I could change it to a location that does resolve or download 
> directly. However, I looking at the changelog I thought that maybe I should 
> raise with the community that it an upgrade might be helpful given the CVEs.
> I will leave it to the experts as to whether it makes a difference, but 
> here's the changelog for reference.
> The Lucene tests passed when I upgraded to 2.4.3 but I'm still digging in. It 
> is very likely that 2.4.1 would be better. I'd leave that, again, to the 
> experts and post my findings.
> https://github.com/apache/lucene-solr/pull/1622



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org

Reply via email to