Yes, there is but it is private i.e. only the Apache Lucene PMC members can see it. This is standard for all security issues in Apache land. The fixes for this issue has been applied to the release branches and the Solr 7.1.0 release candidate is already up for vote. Barring any unforeseen circumstances, a 7.1.0 release with the fixes should be expected this week.
On Fri, Oct 13, 2017 at 8:14 PM, Xie, Sean <sean....@finra.org> wrote: > Is there a tracking to address this issue for SOLR 6.6.x and 7.x? > > https://lucene.apache.org/solr/news.html#12-october-2017-please-secure-your-apache-solr-servers-since-a-zero-day-exploit-has-been-reported-on-a-public-mailing-list > > Sean > > Confidentiality Notice:: This email, including attachments, may include > non-public, proprietary, confidential or legally privileged information. If > you are not an intended recipient or an authorized agent of an intended > recipient, you are hereby notified that any dissemination, distribution or > copying of the information contained in or transmitted with this e-mail is > unauthorized and strictly prohibited. If you have received this email in > error, please notify the sender by replying to this message and permanently > delete this e-mail, its attachments, and any copies of it immediately. You > should not retain, copy or use this e-mail or any attachment for any purpose, > nor disclose all or any part of the contents to any other person. Thank you. -- Regards, Shalin Shekhar Mangar.
