This is an automated email from the ASF dual-hosted git repository.

git-site-role pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/solr-site.git


The following commit(s) were added to refs/heads/asf-staging by this push:
     new a28325683 Automatic Site Publish by Buildbot
a28325683 is described below

commit a283256838094af25a0c4be106a94c058719724b
Author: buildbot <[email protected]>
AuthorDate: Fri Jan 12 19:44:00 2024 +0000

    Automatic Site Publish by Buildbot
---
 output/community.html                          |  2 +-
 output/downloads.html                          |  2 +-
 output/editing-website.html                    |  2 +-
 output/features.html                           |  2 +-
 output/feeds/all.atom.xml                      | 20 +++++++++-
 output/feeds/solr/security.atom.xml            | 20 +++++++++-
 output/guide/index.html                        |  2 +-
 output/guide/solr-tutorial.html                |  2 +-
 output/index.html                              |  4 +-
 output/logos-and-assets.html                   |  2 +-
 output/news.html                               | 19 ++++++++-
 output/operator/articles/explore-v030-gke.html |  2 +-
 output/operator/artifacts.html                 |  2 +-
 output/operator/community.html                 |  2 +-
 output/operator/features.html                  |  2 +-
 output/operator/index.html                     |  4 +-
 output/operator/logos-and-assets.html          |  2 +-
 output/operator/news.html                      |  2 +-
 output/operator/resources.html                 |  2 +-
 output/resources.html                          |  2 +-
 output/security.html                           | 53 ++++++++++++--------------
 output/whoweare.html                           |  2 +-
 22 files changed, 100 insertions(+), 52 deletions(-)

diff --git a/output/community.html b/output/community.html
index 5ede5510e..92d3abf56 100644
--- a/output/community.html
+++ b/output/community.html
@@ -336,7 +336,7 @@ to obtain a personal fork from which you can later 
contribute your changes based
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/downloads.html b/output/downloads.html
index 26cb872bb..c98acdccf 100644
--- a/output/downloads.html
+++ b/output/downloads.html
@@ -331,7 +331,7 @@ Due to the voluntary nature of Solr, no releases are 
scheduled in advance.</p>
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/editing-website.html b/output/editing-website.html
index 841e596c6..c975ee6dc 100644
--- a/output/editing-website.html
+++ b/output/editing-website.html
@@ -223,7 +223,7 @@
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/features.html b/output/features.html
index e12b3d4a7..947b6015f 100644
--- a/output/features.html
+++ b/output/features.html
@@ -1081,7 +1081,7 @@
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/feeds/all.atom.xml b/output/feeds/all.atom.xml
index 5ce24473f..291989a92 100644
--- a/output/feeds/all.atom.xml
+++ b/output/feeds/all.atom.xml
@@ -1,5 +1,23 @@
 <?xml version="1.0" encoding="utf-8"?>
-<feed xmlns="http://www.w3.org/2005/Atom";><title>Apache Solr</title><link 
href="/" rel="alternate"></link><link href="/feeds/all.atom.xml" 
rel="self"></link><id>/</id><updated>2023-10-20T00:00:00+00:00</updated><subtitle></subtitle><subtitle></subtitle><entry><title>Apache
 Solr Operator™ v0.8.0 available</title><link 
href="/apache-solr-operatortm-v080-available.html" 
rel="alternate"></link><published>2023-10-20T00:00:00+00:00</published><updated>2023-10-20T00:00:00+00:00</updated><author
 [...]
+<feed xmlns="http://www.w3.org/2005/Atom";><title>Apache Solr</title><link 
href="/" rel="alternate"></link><link href="/feeds/all.atom.xml" 
rel="self"></link><id>/</id><updated>2024-01-12T00:00:00+00:00</updated><subtitle></subtitle><subtitle></subtitle><entry><title>Apache
 Solr allows read access to host environment variables</title><link 
href="/apache-solr-allows-read-access-to-host-environment-variables.html" 
rel="alternate"></link><published>2024-01-12T00:00:00+00:00</published><updat 
[...]
+Solr 9.0 to 9.2.1&lt;/p&gt;
+&lt;p&gt;&lt;strong&gt;Description:&lt;/strong&gt;
+Exposure of Sensitive Information to an Unauthorized Actor vulnerability in 
Apache Solr.
+The Solr Metrics API publishes all unprotected environment variables available 
to each Apache Solr instance.
+Users are able to specify which environment variables to hide, however, the 
default …&lt;/p&gt;</summary><content 
type="html">&lt;p&gt;&lt;strong&gt;Versions Affected:&lt;/strong&gt;
+Solr 9.0 to 9.2.1&lt;/p&gt;
+&lt;p&gt;&lt;strong&gt;Description:&lt;/strong&gt;
+Exposure of Sensitive Information to an Unauthorized Actor vulnerability in 
Apache Solr.
+The Solr Metrics API publishes all unprotected environment variables available 
to each Apache Solr instance.
+Users are able to specify which environment variables to hide, however, the 
default list is designed to work for known secret Java system properties.
+Environment variables cannot be strictly defined in Solr, like Java system 
properties can be, and may be set for the entire host, unlike Java system 
properties which are set per-Java-process.&lt;/p&gt;
+&lt;p&gt;The Solr Metrics API is protected by the "metrics-read" permission.
+Therefore, Solr Clouds with Authorization setup will only be vulnerable via 
users with the "metrics-read" permission.&lt;/p&gt;
+&lt;p&gt;&lt;strong&gt;Mitigation:&lt;/strong&gt;
+Users are recommended to upgrade to version 9.3.0 or later, in which 
environment variables are not published via the Metrics API.&lt;/p&gt;
+&lt;p&gt;&lt;strong&gt;References:&lt;/strong&gt;
+https://nvd.nist.gov/vuln/detail/CVE-2023-50290
+https://issues.apache.org/jira/browse/SOLR-16808&lt;/p&gt;</content><category 
term="solr/security"></category></entry><entry><title>Apache Solr Operator™ 
v0.8.0 available</title><link 
href="/apache-solr-operatortm-v080-available.html" 
rel="alternate"></link><published>2023-10-20T00:00:00+00:00</published><updated>2023-10-20T00:00:00+00:00</updated><author><name>Solr
 
Developers</name></author><id>tag:None,2023-10-20:/apache-solr-operatortm-v080-available.html</id><summary
 type="html">&lt; [...]
 &lt;p&gt;The Apache Solr Operator is a safe and easy way of managing a Solr 
ecosystem in Kubernetes.&lt;/p&gt;
 &lt;p&gt;This release contains numerous bug fixes, optimizations, and 
improvements, some of which are highlighted below …&lt;/p&gt;</summary><content 
type="html">&lt;p&gt;The Apache Solr PMC is pleased to announce the release of 
the Apache Solr Operator v0.8.0.&lt;/p&gt;
 &lt;p&gt;The Apache Solr Operator is a safe and easy way of managing a Solr 
ecosystem in Kubernetes.&lt;/p&gt;
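Review bot: The Mitigation paragraph of the new CVE-2023-50290 entry offers only the upgrade to 9.3.0 and gives nothing to operators who cannot upgrade right away, although the Description already names two controls: the configurable list of hidden environment variables and the "metrics-read" permission. I would extend that paragraph in the advisory source with something like `Until the upgrade, restrict the "metrics-read" permission to trusted accounts and add any secret-bearing environment variables to the hidden list.` The sentence about "Solr Clouds with Authorization setup" leaves the converse implicit; presumably an instance without authorization exposes the variables to anyone who can reach the Metrics API, and saying so would help readers triage. The same text recurs in the output/feeds/solr/security.atom.xml, output/news.html and output/security.html hunks, and since output/ appears to be build output, the change belongs in the content source rather than in these files.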
diff --git a/output/feeds/solr/security.atom.xml 
b/output/feeds/solr/security.atom.xml
index bf272a90a..0af2cbc42 100644
--- a/output/feeds/solr/security.atom.xml
+++ b/output/feeds/solr/security.atom.xml
@@ -1,5 +1,23 @@
 <?xml version="1.0" encoding="utf-8"?>
-<feed xmlns="http://www.w3.org/2005/Atom";><title>Apache Solr - 
solr/security</title><link href="/" rel="alternate"></link><link 
href="/feeds/solr/security.atom.xml" 
rel="self"></link><id>/</id><updated>2022-11-20T00:00:00+00:00</updated><subtitle></subtitle><subtitle></subtitle><entry><title>Apache
 Solr is vulnerable to CVE-2022-39135 via /sql handler</title><link 
href="/apache-solr-is-vulnerable-to-cve-2022-39135-via-sql-handler.html" 
rel="alternate"></link><published>2022-11-20T00:00:0 [...]
+<feed xmlns="http://www.w3.org/2005/Atom";><title>Apache Solr - 
solr/security</title><link href="/" rel="alternate"></link><link 
href="/feeds/solr/security.atom.xml" 
rel="self"></link><id>/</id><updated>2024-01-12T00:00:00+00:00</updated><subtitle></subtitle><subtitle></subtitle><entry><title>Apache
 Solr allows read access to host environment variables</title><link 
href="/apache-solr-allows-read-access-to-host-environment-variables.html" 
rel="alternate"></link><published>2024-01-12T00:00: [...]
+Solr 9.0 to 9.2.1&lt;/p&gt;
+&lt;p&gt;&lt;strong&gt;Description:&lt;/strong&gt;
+Exposure of Sensitive Information to an Unauthorized Actor vulnerability in 
Apache Solr.
+The Solr Metrics API publishes all unprotected environment variables available 
to each Apache Solr instance.
+Users are able to specify which environment variables to hide, however, the 
default …&lt;/p&gt;</summary><content 
type="html">&lt;p&gt;&lt;strong&gt;Versions Affected:&lt;/strong&gt;
+Solr 9.0 to 9.2.1&lt;/p&gt;
+&lt;p&gt;&lt;strong&gt;Description:&lt;/strong&gt;
+Exposure of Sensitive Information to an Unauthorized Actor vulnerability in 
Apache Solr.
+The Solr Metrics API publishes all unprotected environment variables available 
to each Apache Solr instance.
+Users are able to specify which environment variables to hide, however, the 
default list is designed to work for known secret Java system properties.
+Environment variables cannot be strictly defined in Solr, like Java system 
properties can be, and may be set for the entire host, unlike Java system 
properties which are set per-Java-process.&lt;/p&gt;
+&lt;p&gt;The Solr Metrics API is protected by the "metrics-read" permission.
+Therefore, Solr Clouds with Authorization setup will only be vulnerable via 
users with the "metrics-read" permission.&lt;/p&gt;
+&lt;p&gt;&lt;strong&gt;Mitigation:&lt;/strong&gt;
+Users are recommended to upgrade to version 9.3.0 or later, in which 
environment variables are not published via the Metrics API.&lt;/p&gt;
+&lt;p&gt;&lt;strong&gt;References:&lt;/strong&gt;
+https://nvd.nist.gov/vuln/detail/CVE-2023-50290
+https://issues.apache.org/jira/browse/SOLR-16808&lt;/p&gt;</content><category 
term="solr/security"></category></entry><entry><title>Apache Solr is vulnerable 
to CVE-2022-39135 via /sql handler</title><link 
href="/apache-solr-is-vulnerable-to-cve-2022-39135-via-sql-handler.html" 
rel="alternate"></link><published>2022-11-20T00:00:00+00:00</published><updated>2022-11-20T00:00:00+00:00</updated><author><name>Solr
 
Developers</name></author><id>tag:None,2022-11-20:/apache-solr-is-vulnerable-to 
[...]
 Solr 6.5 to 8.11.2
 Solr 9.0&lt;/p&gt;
 &lt;p&gt;&lt;strong&gt;Description:&lt;/strong&gt;
diff --git a/output/guide/index.html b/output/guide/index.html
index 7563e12f1..6e0019b2d 100644
--- a/output/guide/index.html
+++ b/output/guide/index.html
@@ -219,7 +219,7 @@
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/guide/solr-tutorial.html b/output/guide/solr-tutorial.html
index 669cbbc29..48a655bb1 100644
--- a/output/guide/solr-tutorial.html
+++ b/output/guide/solr-tutorial.html
@@ -190,7 +190,7 @@
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/index.html b/output/index.html
index 1631d25d7..deecd1900 100644
--- a/output/index.html
+++ b/output/index.html
@@ -112,7 +112,7 @@
 </div>
 
 <div class="header-fill"></div>
-<section class="security" latest-date="2022-11-20">
+<section class="security" latest-date="2024-01-12">
   <div class="row">
     <div class="large-12 columns text-center">
       <h2><a href="security.html">&#x26A0; There are recent security 
announcements. Read more on the Security page.</a></h2>
@@ -419,7 +419,7 @@
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/logos-and-assets.html b/output/logos-and-assets.html
index 3fb2c2df2..31bd95a45 100644
--- a/output/logos-and-assets.html
+++ b/output/logos-and-assets.html
@@ -243,7 +243,7 @@
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/news.html b/output/news.html
index bde5de18d..c1d95dcd2 100644
--- a/output/news.html
+++ b/output/news.html
@@ -132,6 +132,23 @@
   <h1 id="solr-news">Solr<sup>™</sup> News<a class="headerlink" 
href="#solr-news" title="Permanent link">¶</a></h1>
   <p>You may also read these news as an <a 
href="/feeds/solr/news.atom.xml">ATOM feed</a>.</p>
 
+  <h2 id="apache-solr-allows-read-access-to-host-environment-variables">12 
January 2024, Apache Solr allows read access to host environment variables
+    <a class="headerlink" 
href="#apache-solr-allows-read-access-to-host-environment-variables" 
title="Permanent link">¶</a>
+  </h2>
+  <p><strong>Versions Affected:</strong>
+Solr 9.0 to 9.2.1</p>
+<p><strong>Description:</strong>
+Exposure of Sensitive Information to an Unauthorized Actor vulnerability in 
Apache Solr.
+The Solr Metrics API publishes all unprotected environment variables available 
to each Apache Solr instance.
+Users are able to specify which environment variables to hide, however, the 
default list is designed to work for known secret Java system properties.
+Environment variables cannot be strictly defined in Solr, like Java system 
properties can be, and may be set for the entire host, unlike Java system 
properties which are set per-Java-process.</p>
+<p>The Solr Metrics API is protected by the "metrics-read" permission.
+Therefore, Solr Clouds with Authorization setup will only be vulnerable via 
users with the "metrics-read" permission.</p>
+<p><strong>Mitigation:</strong>
+Users are recommended to upgrade to version 9.3.0 or later, in which 
environment variables are not published via the Metrics API.</p>
+<p><strong>References:</strong>
+https://nvd.nist.gov/vuln/detail/CVE-2023-50290
+https://issues.apache.org/jira/browse/SOLR-16808</p>
   <h2 id="apache-solrtm-940-available">15 October 2023, Apache Solr™ 9.4.0 
available
     <a class="headerlink" href="#apache-solrtm-940-available" title="Permanent 
link">¶</a>
   </h2>
@@ -4069,7 +4086,7 @@ file included with the release for a full list of 
details.</p>
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/operator/articles/explore-v030-gke.html 
b/output/operator/articles/explore-v030-gke.html
index ef6b337f3..1914e27d4 100644
--- a/output/operator/articles/explore-v030-gke.html
+++ b/output/operator/articles/explore-v030-gke.html
@@ -1009,7 +1009,7 @@ Let’s us know, we’re on slack <a 
href="https://kubernetes.slack.com/messages
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/operator/artifacts.html b/output/operator/artifacts.html
index cddd2882e..f1e17db23 100644
--- a/output/operator/artifacts.html
+++ b/output/operator/artifacts.html
@@ -340,7 +340,7 @@ Source releases are provided for the operator, however 
binaries are only provide
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/operator/community.html b/output/operator/community.html
index 0c3ef2126..44313ed7a 100644
--- a/output/operator/community.html
+++ b/output/operator/community.html
@@ -233,7 +233,7 @@ to obtain a personal fork from which you can later 
contribute your changes throu
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/operator/features.html b/output/operator/features.html
index a1e1d8369..2d1c6b8e6 100644
--- a/output/operator/features.html
+++ b/output/operator/features.html
@@ -391,7 +391,7 @@
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/operator/index.html b/output/operator/index.html
index eb8b67f9c..799fa1f73 100644
--- a/output/operator/index.html
+++ b/output/operator/index.html
@@ -107,7 +107,7 @@
 </div>
 
 <div class="header-fill"></div>
-<section class="security" latest-date="2022-11-20">
+<section class="security" latest-date="2024-01-12">
   <div class="row">
     <div class="large-12 columns text-center">
       <h2><a href="/security.html">&#x26A0; There are recent security 
announcements. Read more on the Solr Security page.</a></h2>
@@ -476,7 +476,7 @@
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/operator/logos-and-assets.html 
b/output/operator/logos-and-assets.html
index 2b4683dc2..a5bd78327 100644
--- a/output/operator/logos-and-assets.html
+++ b/output/operator/logos-and-assets.html
@@ -226,7 +226,7 @@
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/operator/news.html b/output/operator/news.html
index e593bf63a..07f9dee6c 100644
--- a/output/operator/news.html
+++ b/output/operator/news.html
@@ -406,7 +406,7 @@ Make sure to run the new <code>make prepare</code> command 
before submitting a P
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/operator/resources.html b/output/operator/resources.html
index 1e67bac8d..c27996834 100644
--- a/output/operator/resources.html
+++ b/output/operator/resources.html
@@ -234,7 +234,7 @@
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/resources.html b/output/resources.html
index dcbc896c5..bfc9362bd 100644
--- a/output/resources.html
+++ b/output/resources.html
@@ -381,7 +381,7 @@ Rafał Kuć is proud to introduce a new book on Solr, <a 
href="http://www.packtp
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/security.html b/output/security.html
index 3568a6046..a6b42b78e 100644
--- a/output/security.html
+++ b/output/security.html
@@ -187,6 +187,11 @@ with you to see if we can provide this information in 
other variations or format
             <th width="95">Date</th>
             <th>Announcement</th>
         </tr>
+        <tr>
+            <td><a 
href="https://nvd.nist.gov/vuln/detail/CVE-2023-50290";>CVE-2023-50290</a></td>
+            <td>2024-01-12</td>
+            <td><a 
href="#apache-solr-allows-read-access-to-host-environment-variables">Apache 
Solr allows read access to host environment variables</a></td>
+        </tr>
         <tr>
             <td><a 
href="https://nvd.nist.gov/vuln/detail/CVE-2022-39135";>CVE-2022-39135</a></td>
             <td>2022-11-20</td>
@@ -257,13 +262,26 @@ with you to see if we can provide this information in 
other variations or format
             <td>2019-03-06</td>
             <td><a 
href="#cve-2019-0192-deserialization-of-untrusted-data-via-jmxserviceurl-in-apache-solr">Deserialization
 of untrusted data via jmx.serviceUrl in Apache Solr</a></td>
         </tr>
-        <tr>
-            <td><a 
href="https://nvd.nist.gov/vuln/detail/CVE-2017-3164";>CVE-2017-3164</a></td>
-            <td>2019-02-12</td>
-            <td><a href="#cve-2017-3164-ssrf-issue-in-apache-solr">SSRF issue 
in Apache Solr</a></td>
-        </tr>
     </table>
 
+  <h2 
id="apache-solr-allows-read-access-to-host-environment-variables">2024-01-12, 
Apache Solr allows read access to host environment variables
+    <a class="headerlink" 
href="#apache-solr-allows-read-access-to-host-environment-variables" 
title="Permanent link">¶</a>
+  </h2>
+  <p><strong>Versions Affected:</strong>
+Solr 9.0 to 9.2.1</p>
+<p><strong>Description:</strong>
+Exposure of Sensitive Information to an Unauthorized Actor vulnerability in 
Apache Solr.
+The Solr Metrics API publishes all unprotected environment variables available 
to each Apache Solr instance.
+Users are able to specify which environment variables to hide, however, the 
default list is designed to work for known secret Java system properties.
+Environment variables cannot be strictly defined in Solr, like Java system 
properties can be, and may be set for the entire host, unlike Java system 
properties which are set per-Java-process.</p>
+<p>The Solr Metrics API is protected by the "metrics-read" permission.
+Therefore, Solr Clouds with Authorization setup will only be vulnerable via 
users with the "metrics-read" permission.</p>
+<p><strong>Mitigation:</strong>
+Users are recommended to upgrade to version 9.3.0 or later, in which 
environment variables are not published via the Metrics API.</p>
+<p><strong>References:</strong>
+https://nvd.nist.gov/vuln/detail/CVE-2023-50290
+https://issues.apache.org/jira/browse/SOLR-16808</p>
+  <hr/>
   <h2 
id="apache-solr-is-vulnerable-to-cve-2022-39135-via-sql-handler">2022-11-20, 
Apache Solr is vulnerable to CVE-2022-39135 via /sql handler
     <a class="headerlink" 
href="#apache-solr-is-vulnerable-to-cve-2022-39135-via-sql-handler" 
title="Permanent link">¶</a>
   </h2>
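Review bot: Adding the 2024-01-12 entry drops the CVE-2017-3164 row from the table in this hunk, and the later hunk at -655 deletes its section, so the fragment `#cve-2017-3164-ssrf-issue-in-apache-solr` no longer resolves on security.html. This looks like a fixed-length window of recent advisories, which silently breaks inbound links to the oldest entry each time a new one is published. A sentence under the table pointing at the full history would cover it, for example `<p>Older announcements remain available on the <a href="/news.html">news page</a>.</p>`, assuming news.html does retain them, which this diff does not show. The new entry also lists its references as bare URLs inside a `<p>`, while the older entry visible in the -655 hunk uses `<ul><li><a href=…>`; matching that form would make the NVD and JIRA references clickable.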
@@ -655,29 +673,6 @@ Michael Stepankin</p>
 <ul>
 <li><a 
href="https://issues.apache.org/jira/browse/SOLR-13301";>https://issues.apache.org/jira/browse/SOLR-13301</a></li>
 <li><a 
href="https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity";>https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity</a></li>
-</ul>
-  <hr/>
-  <h2 id="cve-2017-3164-ssrf-issue-in-apache-solr">2019-02-12, CVE-2017-3164: 
SSRF issue in Apache Solr
-    <a class="headerlink" href="#cve-2017-3164-ssrf-issue-in-apache-solr" 
title="Permanent link">¶</a>
-  </h2>
-  <p><strong>Severity:</strong> High</p>
-<p><strong>Vendor:</strong><br>
-The Apache Software Foundation</p>
-<p><strong>Versions Affected:</strong>
-Apache Solr versions from 1.3 to 7.6.0</p>
-<p><strong>Description:</strong><br>
-The "shards" parameter does not have a corresponding whitelist mechanism,
-so it can request any URL.</p>
-<p><strong>Mitigation:</strong><br>
-Upgrade to Apache Solr 7.7.0 or later.
-Ensure your network settings are configured so that only trusted traffic is
-allowed to ingress/egress your hosts running Solr.</p>
-<p><strong>Credit:</strong><br>
-dk from Chaitin Tech</p>
-<p><strong>References:</strong></p>
-<ul>
-<li><a 
href="https://issues.apache.org/jira/browse/SOLR-12770";>https://issues.apache.org/jira/browse/SOLR-12770</a></li>
-<li><a 
href="https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity";>https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity</a></li>
 </ul>
   <hr/>
   <h1 id="cve-reports-for-apache-solr-dependencies">CVE reports for Apache 
Solr dependencies</h1>
@@ -1106,7 +1101,7 @@ dk from Chaitin Tech</p>
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
diff --git a/output/whoweare.html b/output/whoweare.html
index 7cd09b7b6..fcc2f1484 100644
--- a/output/whoweare.html
+++ b/output/whoweare.html
@@ -259,7 +259,7 @@ have direct write access to the source repositories. 
Developers may be invited a
 </div>
 <div class="row copyright">
 <div class="large-centered columns">
-  <p>Copyright © 2023 The Apache Software Foundation, Licensed under the
+  <p>Copyright © 2024 The Apache Software Foundation, Licensed under the
     <a href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, 
Version 2.0</a>. <a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a><br/>
     Apache and the Apache feather logo are trademarks of The Apache Software 
Foundation. Apache Lucene,
     Apache Solr and their respective logos are trademarks of the Apache 
Software Foundation.
