Claus Ibsen created JCR-4534:
--------------------------------
Summary: Update Apache Lucene
Key: JCR-4534
URL: https://issues.apache.org/jira/browse/JCR-4534
Project: Jackrabbit Content Repository
Issue Type: Task
Reporter: Claus Ibsen
The latest release (master branch) are using Lucene 3.6.0
[https://github.com/apache/jackrabbit/blob/trunk/jackrabbit-parent/pom.xml#L468]
Which are used by jackrabbit-core
As there is known CVEs reported against this old Lucene version. Then I wonder
if you guys would be able to upgrade to a newer Lucene version that does not
the issue.
At Apache Camel we had this reported
Vulnerable Library Version: org.apache.lucene : lucene-core : 3.6.0
CVE ID:
[CVE-2017-3163]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163])
Import Path: components/camel-jcr/pom.xml
Suggested Safe Versions: 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2,
6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1,
7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0,
8.3.1, 8.4.0, 8.4.1
[https://issues.apache.org/jira/projects/CAMEL/issues/CAMEL-14640]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
