[jira] [Commented] (SOLR-17902) CVE-2025-55163: vulnerability in the Netty/Codec/HTTP2 dependency

Sun, 14 Sep 2025 05:40:09 -0700 


    [ 
https://issues.apache.org/jira/browse/SOLR-17902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18020148#comment-18020148
 ] 

Alexander Veit commented on SOLR-17902:
---------------------------------------

This issue has been fixed in the Solr branch_9x.

https://github.com/apache/solr/commit/bc0d004bcdd18e9b02cdab34e898bef0d494fefd

> CVE-2025-55163: vulnerability in the Netty/Codec/HTTP2 dependency
> -----------------------------------------------------------------
>
>                 Key: SOLR-17902
>                 URL: https://issues.apache.org/jira/browse/SOLR-17902
>             Project: Solr
>          Issue Type: Bug
>    Affects Versions: 9.9.0
>            Reporter: Alexander Veit
>            Priority: Major
>              Labels: security
>
> {{io.netty:netty-codec-http2:4.1.114.Final}} (Oct 2024) which is included in 
> Solr 9.9.0 comes with CVE-2025-55163 (Score 8.2).
> https://nvd.nist.gov/vuln/detail/CVE-2025-55163



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to