Copilot commented on code in PR #193: URL: https://github.com/apache/solr-site/pull/193#discussion_r3435859488
########## content/solr/vex/2022-12-14-cve-2016-1181.md: ########## @@ -0,0 +1,19 @@ +--- +cve: + - CVE-2015-0899 + - CVE-2016-1181 + - CVE-2016-1182 + - SOLR-2849 +category: + - solr/vex Review Comment: The `cve` list includes `SOLR-2849`, which is a JIRA key rather than a CVE/GHSA identifier. This will render as a vulnerability ID on vex.html and will also be emitted as a vulnerability in the generated CycloneDX VEX JSON. Move it to the dedicated `jira:` field instead. ########## content/solr/vex/2022-12-14-cve-2016-6809.md: ########## @@ -6,11 +6,13 @@ cve: - CVE-2018-1339 category: - solr/vex -versions: "5.5.5, 6.2.0-today" +versions: "5.5.5, 6.2.0-9.10" jars: - vorbis-java-tika-0.8.jar analysis: state: not_affected title: "vorbis-java-tika" --- See https://github.com/Gagravarr/VorbisJava/issues/30; reported CVEs are not related to OggVorbis at all. + +Tika as an inprocess component was removed in Solr 9.11. Review Comment: Typo/wording: "inprocess" should be hyphenated as "in-process".
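Review bot: In content/solr/vex/2022-12-14-cve-2016-6809.md, the new upper bound in `versions: "5.5.5, 6.2.0-9.10"` is justified only by the sentence appended at the end of the body, and that sentence does not say it is the reason the range now stops at 9.10. A reader of the rendered VEX entry sees a `not_affected` statement about `vorbis-java-tika-0.8.jar` followed by an unrelated-looking remark about Tika. Suggest making the link explicit, for example by stating that releases from 9.11 onward no longer ship this jar, if that is what the removal means, so the closed range and the analysis read as one statement.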
