epugh commented on code in PR #195: URL: https://github.com/apache/solr-site/pull/195#discussion_r3435767083
########## content/solr/vex/2026-04-10-cve-2026-34477.md: ########## @@ -0,0 +1,44 @@ +--- +cve: CVE-2026-34477 +jira: SOLR-18288 +category: + - solr/vex +versions: "9.10.1, 10.0.0" Review Comment: so... can you maybe help me understand this a bit better. Can I take the data in the `versions` tag, the 'jars' tag, the `analysis` tag and rephrase it as "For Solr 9.10.1 and 10.0.0 that use logj4j-core-2.25.3 that we are not affected unless you use exotic configuraiton"? Now, when 9.11 comes out, are we implicitly saying that this issue no longer applies because 9.11 will use log4j-core-2.25.4.jar ? Likewise, if I go look at `main` and `branch_10x` I will see the fixed jar files there. I want to make sure I am understanding this VEX file properly! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
