[ 
https://issues.apache.org/jira/browse/SOLR-16949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Houston Putman updated SOLR-16949:
----------------------------------
    Security:     (was: Private (Security Issue))

> RCE via Backup/Restore APIs - Fix for all file extensions
> ---------------------------------------------------------
>
>                 Key: SOLR-16949
>                 URL: https://issues.apache.org/jira/browse/SOLR-16949
>             Project: Solr
>          Issue Type: Bug
>          Components: Backup/Restore
>    Affects Versions: 8.11.2
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Blocker
>             Fix For: 8.11.3, 9.5, 9.4.1
>
>         Attachments: SOLR-16949-1.patch, SOLR-16949-8_11-1.patch, 
> SOLR-16949-8_11-2.patch, SOLR-16949-8_11-3.patch, SOLR-16949-8_11.patch, 
> SOLR-16949-inputstream-leaks.patch, SOLR-16949-main-protect-lib-1.patch, 
> SOLR-16949-main-protect-lib-2.patch, SOLR-16949-main-protect-lib.patch, 
> SOLR-16949.patch, jenkins.log.txt.gz
>
>
> Before an 8.11.3 release, https://issues.apache.org/jira/browse/SOLR-16480 
> needs to be backported, thus creating this as a blocker.
> Here I am assuming that 8.x is vulnerable to the same attack, which should be 
> investigated.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
