IIS created SOLR-15850:
--------------------------
Summary: Fix SOLR-Versions to CVE-2021-44228
Key: SOLR-15850
URL: https://issues.apache.org/jira/browse/SOLR-15850
Project: Solr
Issue Type: Task
Security Level: Public (Default Security Level. Issues are Public)
Affects Versions: 7.5
Reporter: IIS
As we are faced with critical
[CVE-2021-44228|https://github.com/advisories/GHSA-jfh8-c2jp-5v3q] (log4shell)
these days, we still await security patches to fix log4j vulnerabilities
published on December 12th, 2021.
In our case we're running Apache SOLR via Docker, where some image versions
have been patched very quickly, but still some image versions float around in
the official Docker Hub without having recieved the critical security patches.
e.g. v7.5.0:
[https://hub.docker.com/layers/solr/library/solr/7.5.0/images/sha256-e3db40fa85e7115d2d1d3eb06f7555b6132e33bd3b6e91b17c0a1690122a7acc?context=explore]
When will these versions be updated in the Docker Repository to prevent users
from being vulnerable with specific SOLR installations running?
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
