[ 
https://issues.apache.org/jira/browse/SOLR-15506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Cassandra Targett resolved SOLR-15506.
--------------------------------------
    Resolution: Won't Fix

Derby is used in the DataImportHandler contrib only in tests so it's not part 
of DIH per se. It's on the list of dependency "false positives" that are not 
considered problematic for Solr: 
https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools

Additionally, DIH has been removed from Solr 9.0, so closing this as a Won't 
Fix as we are not investing further in it going forward.

> Upgrade Apache Derby to >=10.14.2.0
> -----------------------------------
>
>                 Key: SOLR-15506
>                 URL: https://issues.apache.org/jira/browse/SOLR-15506
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Somesh Dhal
>            Priority: Major
>
> Solr 8.9.0 has derby-10.9.1.0, for which the following vulnerabilities 
> are identified:
> [CVE-2018-1313 (BDSA-2018-1426), CVE-2015-1832].
> So Derby has to be upgraded to >=10.14.2.0 to deal with these vulnerabilities.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
