This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/solr-site.git
The following commit(s) were added to refs/heads/asf-staging by this push:
new adde0153e Commit build products
adde0153e is described below
commit adde0153e05d3bb22e4082167addf57f3a887969
Author: Build Pelican (action) <[email protected]>
AuthorDate: Tue Jan 20 17:41:39 2026 +0000
Commit build products
---
output/feeds/all.atom.xml | 4 ++--
output/feeds/solr/security.atom.xml | 4 ++--
output/news.html | 4 ++--
output/security.html | 8 ++++----
4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/output/feeds/all.atom.xml b/output/feeds/all.atom.xml
index eed5e7f05..db5b31081 100644
--- a/output/feeds/all.atom.xml
+++ b/output/feeds/all.atom.xml
@@ -15,7 +15,7 @@
<p>Please refer to the Upgrade Notes in the Solr Ref Guide for
information on upgrading from previous Solr versions:</p>
<p><a
href="https://solr.apache.org/guide/solr/9_10/upgrade-notes/solr-upgrade-notes.html">https://solr.apache.org/guide/solr/9_10/upgrade-notes/solr-upgrade-notes.html</a></p>
<p>Please read CHANGELOG.md for a full list of bugfixes:</p>
-<p><a
href="https://solr.apache.org/9_10_1/changes/Changes.html">https://solr.apache.org/9_10_1/changes/Changes.html</a></p></content><category
term="solr/news"/></entry><entry><title>CVE-2026-22022 - Unauthorized bypass
of certain "predefined permission" rules in the
RuleBasedAuthorizationPlugin</title><link
href="/cve-2026-22022-unauthorized-bypass-of-certain-predefined-permission-rules-in-the-rulebasedauthorizationplugin.html"
rel="alternate"/><published>2026-0 [...]
+<p><a
href="https://solr.apache.org/9_10_1/changes/Changes.html">https://solr.apache.org/9_10_1/changes/Changes.html</a></p></content><category
term="solr/news"/></entry><entry><title>CVE-2026-22022: Unauthorized bypass of
certain "predefined permission" rules in the
RuleBasedAuthorizationPlugin</title><link
href="/cve-2026-22022-unauthorized-bypass-of-certain-predefined-permission-rules-in-the-rulebasedauthorizationplugin.html"
rel="alternate"/><published>2026-01 [...]
moderate</p>
<p><strong>Description</strong>
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule
Based Authorization Plugin" are vulnerable to allowing unauthorized access to
certain Solr APIs, due to insufficiently strict input validation in those
components. Only deployments that meet all of the following criteria
…</p></summary><content
type="html"><p><strong>Severity</strong>
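Review bot: The entry summary in the trailing context of this hunk is cut off at "Only deployments that meet all of the following criteria …", so a feed reader that shows only the summary learns that applicability conditions exist but not what they are. For a security advisory, give the post an explicit summary that ends at a sentence boundary and states the affected range (already present: "5.3.0 through 9.10.0") without dangling into the criteria list.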
@@ -35,7 +35,7 @@ Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on
Solr's "Rule Based
monkeontheroof (reporter)</p>
<p><strong>References</strong>
* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054">SOLR-18054</a>
-* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></p></content><category
term="solr/security"/></entry><entry><title>CVE-2026-22444 - Insufficient
file-access checking in standalone core-creation requests</title><link
href="/cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests.html"
rel="alternate"/><published>2026-01-20T00:00:00+00:00</published><updated>2026-01-20T00:00:00+00:00</updated><author><name
[...]
+* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></p></content><category
term="solr/security"/></entry><entry><title>CVE-2026-22444: Insufficient
file-access checking in standalone core-creation requests</title><link
href="/cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests.html"
rel="alternate"/><published>2026-01-20T00:00:00+00:00</published><updated>2026-01-20T00:00:00+00:00</updated><author><name>
[...]
moderate</p>
<p><strong>Description</strong></p>
<p>The "create core" API of Apache Solr 8.6 through 9.10.0 lacks
sufficient input validation on some API parameters, which can cause Solr to
check the existence of and attempt to read file-system paths that should be
disallowed by Solr's "allowPaths" security setting. These read-only
…</p></summary><content
type="html"><p><strong>Severity</strong>
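Review bot: On the "+" line the CVE-2026-22444 entry title changes, but "<updated>2026-01-20T00:00:00+00:00</updated>" is byte-identical to the "-" line and still equals "<published>". Feed clients that decide whether to refresh an entry from its updated timestamp will keep showing the old "CVE-2026-22444 - ..." title. If the separator change is considered cosmetic, that is acceptable; if subscribers should see the new title, set a modified date on the advisory source so the generated timestamp moves.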
diff --git a/output/feeds/solr/security.atom.xml
b/output/feeds/solr/security.atom.xml
index 197e65fcd..ed4fb8019 100644
--- a/output/feeds/solr/security.atom.xml
+++ b/output/feeds/solr/security.atom.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
-<feed xmlns="http://www.w3.org/2005/Atom"><title>Apache Solr -
solr/security</title><link href="/" rel="alternate"/><link
href="/feeds/solr/security.atom.xml"
rel="self"/><id>/</id><updated>2026-01-20T00:00:00+00:00</updated><entry><title>CVE-2026-22022
- Unauthorized bypass of certain "predefined permission" rules in the
RuleBasedAuthorizationPlugin</title><link
href="/cve-2026-22022-unauthorized-bypass-of-certain-predefined-permission-rules-in-the-rulebasedauthorizationplugin.html"
rel [...]
+<feed xmlns="http://www.w3.org/2005/Atom"><title>Apache Solr -
solr/security</title><link href="/" rel="alternate"/><link
href="/feeds/solr/security.atom.xml"
rel="self"/><id>/</id><updated>2026-01-20T00:00:00+00:00</updated><entry><title>CVE-2026-22022:
Unauthorized bypass of certain "predefined permission" rules in the
RuleBasedAuthorizationPlugin</title><link
href="/cve-2026-22022-unauthorized-bypass-of-certain-predefined-permission-rules-in-the-rulebasedauthorizationplugin.html"
rel= [...]
moderate</p>
<p><strong>Description</strong>
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule
Based Authorization Plugin" are vulnerable to allowing unauthorized access to
certain Solr APIs, due to insufficiently strict input validation in those
components. Only deployments that meet all of the following criteria
…</p></summary><content
type="html"><p><strong>Severity</strong>
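Review bot: The feed header on both the "-" and "+" lines carries "<id>/</id>" with "<link href="/" rel="alternate"/>" and a relative "self" link. An Atom id has to be an absolute IRI (RFC 4287, section 4.2.6), and relative links in a security feed depend on every consumer resolving them against the right base. This predates the title change, but since the line is being regenerated anyway, configure the absolute site URL for the production build so the id and links come out fully qualified.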
@@ -19,7 +19,7 @@ Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on
Solr's "Rule Based
monkeontheroof (reporter)</p>
<p><strong>References</strong>
* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054">SOLR-18054</a>
-* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></p></content><category
term="solr/security"/></entry><entry><title>CVE-2026-22444 - Insufficient
file-access checking in standalone core-creation requests</title><link
href="/cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests.html"
rel="alternate"/><published>2026-01-20T00:00:00+00:00</published><updated>2026-01-20T00:00:00+00:00</updated><author><name
[...]
+* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></p></content><category
term="solr/security"/></entry><entry><title>CVE-2026-22444: Insufficient
file-access checking in standalone core-creation requests</title><link
href="/cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests.html"
rel="alternate"/><published>2026-01-20T00:00:00+00:00</published><updated>2026-01-20T00:00:00+00:00</updated><author><name>
[...]
moderate</p>
<p><strong>Description</strong></p>
<p>The "create core" API of Apache Solr 8.6 through 9.10.0 lacks
sufficient input validation on some API parameters, which can cause Solr to
check the existence of and attempt to read file-system paths that should be
disallowed by Solr's "allowPaths" security setting. These read-only
…</p></summary><content
type="html"><p><strong>Severity</strong>
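Review bot: Markup for the Description block is inconsistent between the two advisories in this file. In this hunk's trailing context the CVE-2026-22444 entry closes the label as its own paragraph ("<p><strong>Description</strong></p>" followed by "<p>The "create core" API ..."), while the CVE-2026-22022 entry earlier in the same feed runs the label and body together in one paragraph ("<p><strong>Description</strong>" followed directly by "Deployments of Apache Solr ..."). Adding a blank line after the Description label in the CVE-2026-22022 source would make both render the same way.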
diff --git a/output/news.html b/output/news.html
index 998b97387..77b62d141 100644
--- a/output/news.html
+++ b/output/news.html
@@ -169,7 +169,7 @@
<p><a
href="https://solr.apache.org/guide/solr/9_10/upgrade-notes/solr-upgrade-notes.html">https://solr.apache.org/guide/solr/9_10/upgrade-notes/solr-upgrade-notes.html</a></p>
<p>Please read CHANGELOG.md for a full list of bugfixes:</p>
<p><a
href="https://solr.apache.org/9_10_1/changes/Changes.html">https://solr.apache.org/9_10_1/changes/Changes.html</a></p>
- <h2
id="cve-2026-22022-unauthorized-bypass-of-certain-predefined-permission-rules-in-the-rulebasedauthorizationplugin">20
January 2026, CVE-2026-22022 - Unauthorized bypass of certain "predefined
permission" rules in the RuleBasedAuthorizationPlugin
+ <h2
id="cve-2026-22022-unauthorized-bypass-of-certain-predefined-permission-rules-in-the-rulebasedauthorizationplugin">20
January 2026, CVE-2026-22022: Unauthorized bypass of certain "predefined
permission" rules in the RuleBasedAuthorizationPlugin
<a class="headerlink"
href="#cve-2026-22022-unauthorized-bypass-of-certain-predefined-permission-rules-in-the-rulebasedauthorizationplugin"
title="Permanent link">¶</a>
</h2>
<p><strong>Severity</strong>
@@ -190,7 +190,7 @@ monkeontheroof (reporter)</p>
<p><strong>References</strong>
* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054">SOLR-18054</a>
* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></p>
- <h2
id="cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests">20
January 2026, CVE-2026-22444 - Insufficient file-access checking in standalone
core-creation requests
+ <h2
id="cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests">20
January 2026, CVE-2026-22444: Insufficient file-access checking in standalone
core-creation requests
<a class="headerlink"
href="#cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests"
title="Permanent link">¶</a>
</h2>
<p><strong>Severity</strong>
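Review bot: In the leading context of this hunk the References block renders as one paragraph with literal asterisks: "<p><strong>References</strong>", then "* JIRA - <a ...>" and "* CVE - <a ...></a></p>". The list markers were not parsed as a list, most likely because the source has no blank line between the References label and the first bullet. Since the advisory text is being touched for the title, fix the source so the JIRA and CVE links are emitted as a real list.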
diff --git a/output/security.html b/output/security.html
index 9bae68240..d669fd570 100644
--- a/output/security.html
+++ b/output/security.html
@@ -208,12 +208,12 @@ with you to see if we can provide this information in
other variations or format
<tr>
<td><a
href="https://nvd.nist.gov/vuln/detail/CVE-2026-22022">CVE-2026-22022</a></td>
<td>2026-01-20</td>
- <td><a
href="#cve-2026-22022-unauthorized-bypass-of-certain-predefined-permission-rules-in-the-rulebasedauthorizationplugin">CVE-2026-22022
- Unauthorized bypass of certain "predefined permission" rules in the
RuleBasedAuthorizationPlugin</a></td>
+ <td><a
href="#cve-2026-22022-unauthorized-bypass-of-certain-predefined-permission-rules-in-the-rulebasedauthorizationplugin">Unauthorized
bypass of certain "predefined permission" rules in the
RuleBasedAuthorizationPlugin</a></td>
</tr>
<tr>
<td><a
href="https://nvd.nist.gov/vuln/detail/CVE-2026-22444">CVE-2026-22444</a></td>
<td>2026-01-20</td>
- <td><a
href="#cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests">CVE-2026-22444
- Insufficient file-access checking in standalone core-creation
requests</a></td>
+ <td><a
href="#cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests">Insufficient
file-access checking in standalone core-creation requests</a></td>
</tr>
<tr>
<td><a
href="https://nvd.nist.gov/vuln/detail/CVE-2025-66516">CVE-2025-66516</a></td>
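Review bot: The two title cells in this hunk do more than swap the separator: the "+" lines drop the "CVE-2026-22022 - " and "CVE-2026-22444 - " prefixes entirely, while the headings these links point to keep the id as "CVE-2026-22022: ...". That is reasonable given the id is already in the first column, but it means link text and target heading no longer match, and the visible context does not show whether the CVE-2025-66516 row and older rows follow the same convention. Confirm the whole table is consistent. Separately, the first column links to nvd.nist.gov while the advisory References link to cve.org for the same id; pick one unless the difference is deliberate.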
@@ -282,7 +282,7 @@ with you to see if we can provide this information in other
variations or format
</tr>
</table>
- <h2
id="cve-2026-22022-unauthorized-bypass-of-certain-predefined-permission-rules-in-the-rulebasedauthorizationplugin">2026-01-20,
CVE-2026-22022 - Unauthorized bypass of certain "predefined permission" rules
in the RuleBasedAuthorizationPlugin
+ <h2
id="cve-2026-22022-unauthorized-bypass-of-certain-predefined-permission-rules-in-the-rulebasedauthorizationplugin">2026-01-20,
CVE-2026-22022: Unauthorized bypass of certain "predefined permission" rules
in the RuleBasedAuthorizationPlugin
<a class="headerlink"
href="#cve-2026-22022-unauthorized-bypass-of-certain-predefined-permission-rules-in-the-rulebasedauthorizationplugin"
title="Permanent link">¶</a>
</h2>
<p><strong>Severity</strong>
@@ -304,7 +304,7 @@ monkeontheroof (reporter)</p>
* JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-18054">SOLR-18054</a>
* CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2026-22022">CVE-2026-22022</a></p>
<hr/>
- <h2
id="cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests">2026-01-20,
CVE-2026-22444 - Insufficient file-access checking in standalone core-creation
requests
+ <h2
id="cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests">2026-01-20,
CVE-2026-22444: Insufficient file-access checking in standalone core-creation
requests
<a class="headerlink"
href="#cve-2026-22444-insufficient-file-access-checking-in-standalone-core-creation-requests"
title="Permanent link">¶</a>
</h2>
<p><strong>Severity</strong>