[ https://issues.apache.org/jira/browse/OFBIZ-12316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17415455#comment-17415455 ]
ASF subversion and git services commented on OFBIZ-12316: --------------------------------------------------------- Commit 905e7b0253c000b3a5a5125c25ad39d3ea8f9216 in ofbiz-plugins's branch refs/heads/release18.12 from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=905e7b0 ] Fixed: The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905) (OFBIZ-12316) Fixes conflicts from cherry pick > The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905) > ----------------------------------------------------------------------------- > > Key: OFBIZ-12316 > URL: https://issues.apache.org/jira/browse/OFBIZ-12316 > Project: OFBiz > Issue Type: Sub-task > Components: solr > Affects Versions: Trunk > Reporter: Jacques Le Roux > Assignee: Jacques Le Roux > Priority: Major > Fix For: 18.12.01, Release Branch 17.12 > > > This security issue was reported to the security team by weinull orz > <wein...@outlook.com> As he suggested the solution is to update Solr to its > last version. We did not create a CVE as it's actually a Solr issue and Solr > has already created (CVE-2021-27905) -- This message was sent by Atlassian Jira (v8.3.4#803005)