[
https://issues.apache.org/jira/browse/OFBIZ-12316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17415455#comment-17415455
]
ASF subversion and git services commented on OFBIZ-12316:
---------------------------------------------------------
Commit 905e7b0253c000b3a5a5125c25ad39d3ea8f9216 in ofbiz-plugins's branch
refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=905e7b0 ]
Fixed: The Solr version included in OFBiz has an SSRF vulnerability
(CVE-2021-27905) (OFBIZ-12316)
Fixes conflicts from cherry pick
> The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905)
> -----------------------------------------------------------------------------
>
> Key: OFBIZ-12316
> URL: https://issues.apache.org/jira/browse/OFBIZ-12316
> Project: OFBiz
> Issue Type: Sub-task
> Components: solr
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: 18.12.01, Release Branch 17.12
>
>
> This security issue was reported to the security team by weinull orz
> <wein...@outlook.com> As he suggested the solution is to update Solr to its
> last version. We did not create a CVE as it's actually a Solr issue and Solr
> has already created (CVE-2021-27905)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
