[
https://issues.apache.org/jira/browse/SOLR-17353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Høydahl updated SOLR-17353:
-------------------------------
Summary: Upgrade gosu in Dockerfile to 1.19 to reduce CVE for GoLang and
Ubuntu (was: CVE for GoLang and Ubuntu)
> Upgrade gosu in Dockerfile to 1.19 to reduce CVE for GoLang and Ubuntu
> ----------------------------------------------------------------------
>
> Key: SOLR-17353
> URL: https://issues.apache.org/jira/browse/SOLR-17353
> Project: Solr
> Issue Type: Bug
> Components: security
> Affects Versions: 9.6
> Reporter: Sujeet Hinge
> Assignee: Jan Høydahl
> Priority: Major
> Labels: pull-request-available
> Time Spent: 40m
> Remaining Estimate: 0h
>
> During our recent security assessments, we have identified several
> vulnerabilities in the SOLR 9.6.0 package related to Golang and Ubuntu
> components. Given the potential risk to our systems, we are reaching out for
> your expertise and support in addressing these issues promptly.
> *Ubuntu Vulnerabilities:*
> · CVE-2024-33599
> · CVE-2024-2236
> · CVE-2024-33600
> · CVE-2024-26462
> · CVE-2024-22916
> · CVE-2024-31879
> *Golang Vulnerabilities in SOLR 9.6.0:*
> · CVE-2023-29402
> · CVE-2023-24538
> · CVE-2022-23806
> · CVE-2021-38297
> · CVE-2023-29405
> · CVE-2023-29404
> · CVE-2023-24540
> · CVE-2023-39323
> · CVE-2022-30633
> · CVE-2023-24534
> · CVE-2022-29804
> · CVE-2022-30630
> · CVE-2023-24539
> · CVE-2022-2880
> · CVE-2023-45285
> · CVE-2021-41771
> · CVE-2023-45287
> · CVE-2022-30631
> · CVE-2022-23772
> The component impacted includes the Golang library with the hash {{sha256
> 51611cdb452a872da14c789533d5aa5208d025f7d940c4367d140ca3b5e66d07}}. We
> urgently need to understand the potential patches or mitigation strategies
> you recommend, and the timeline for when these might be implemented in SOLR.