Nitin Gupta created OAK-9520:
--------------------------------

             Summary: CVE-2021-29262 in oak-solr-osgi
                 Key: OAK-9520
                 URL: https://issues.apache.org/jira/browse/OAK-9520
             Project: Jackrabbit Oak
          Issue Type: Bug
            Reporter: Nitin Gupta

Vulnerability in: org.apache.solr : solr-solrj : 8.6.3

CVE-2021-29262
{code:java}
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.
{code}

--
This message was sent by Atlassian Jira
(v8.3.4#803005)