[ https://issues.apache.org/jira/browse/SOLR-16949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Houston Putman updated SOLR-16949: ---------------------------------- Security: (was: Private (Security Issue)) > RCE via Backup/Restore APIs - Fix for all file extensions > --------------------------------------------------------- > > Key: SOLR-16949 > URL: https://issues.apache.org/jira/browse/SOLR-16949 > Project: Solr > Issue Type: Bug > Components: Backup/Restore > Affects Versions: 8.11.2 > Reporter: Jan Høydahl > Assignee: Jan Høydahl > Priority: Blocker > Fix For: 8.11.3, 9.5, 9.4.1 > > Attachments: SOLR-16949-1.patch, SOLR-16949-8_11-1.patch, > SOLR-16949-8_11-2.patch, SOLR-16949-8_11-3.patch, SOLR-16949-8_11.patch, > SOLR-16949-inputstream-leaks.patch, SOLR-16949-main-protect-lib-1.patch, > SOLR-16949-main-protect-lib-2.patch, SOLR-16949-main-protect-lib.patch, > SOLR-16949.patch, jenkins.log.txt.gz > > > Before an 8.11.3 release, https://issues.apache.org/jira/browse/SOLR-16480 > needs to be backported, thus creating this as a blocker. > Here I am assuming that 8.x is vulnerable to the same attack, which should be > investigated. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org