[
https://issues.apache.org/jira/browse/SOLR-15881?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ivan Viaznikov updated SOLR-15881:
----------------------------------
Description:
The CVE-2021-44548 ([https://nvd.nist.gov/vuln/detail/CVE-2021-44548)] is
reported for solr components and it is said to be fixed in version 8.11.1.
It is also reported for `solr-clustering:8.7.0`, which is the latest version.
It depends on solr-core component. Several questions arise on this situation:
# Is the `solr-clustering:8.7.0` itself also affected by this CVE?
# Is the `solr-clustering:8.7.0` compatible with solr components of 8.11.1
version?
# Is Solr 8.11.1 itself compatible with Spring Boot 2.4.13, 2.5.8 and 2.6.2?
As for now, they all come with solr 8.5.2 components.
# In case Solr 8.11.1 is not compatible with Spring Boot, will there be a down
port of the fix for this CVE?
Requesting you to clarify this
was:
The CVE-2021-44548 ([https://nvd.nist.gov/vuln/detail/CVE-2021-44548)] is
reported for solr components and it is said to be fixed in version 8.11.1.
It is also reported for `solr-clustering:8.7.0`, which is the latest version.
It depends on solr-core component. Several questions arise on this situation:
# Is the `solr-clustering:8.7.0` itself also affected by this CVE?
# Is the `solr-clustering:8.7.0` compatible with solr components of 8.11.1
version?
# Is Solr 8.11.1 itself compatible with Spring Boot 2.4.13, 2.5.8 and 2.6.2?
As for now, they all come with solr 8.8.2 components.
# In case Solr 8.11.1 is not compatible with Spring Boot, will there be a down
port of the fix for this CVE?
Requesting you to clarify this
> Solr 8.11.1 compatibility with Spring Boot and `solr-clustering` 8.7.0
> ----------------------------------------------------------------------
>
> Key: SOLR-15881
> URL: https://issues.apache.org/jira/browse/SOLR-15881
> Project: Solr
> Issue Type: Test
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Ivan Viaznikov
> Priority: Major
>
> The CVE-2021-44548 ([https://nvd.nist.gov/vuln/detail/CVE-2021-44548)] is
> reported for solr components and it is said to be fixed in version 8.11.1.
> It is also reported for `solr-clustering:8.7.0`, which is the latest version.
> It depends on solr-core component. Several questions arise on this situation:
> # Is the `solr-clustering:8.7.0` itself also affected by this CVE?
> # Is the `solr-clustering:8.7.0` compatible with solr components of 8.11.1
> version?
> # Is Solr 8.11.1 itself compatible with Spring Boot 2.4.13, 2.5.8 and 2.6.2?
> As for now, they all come with solr 8.5.2 components.
> # In case Solr 8.11.1 is not compatible with Spring Boot, will there be a
> down port of the fix for this CVE?
> Requesting you to clarify this
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
