this seems pretty verbose for the "Release Highlights" .. how about just...
* This release upgrades Solr Cell's (contrib/extraction) dependency on Apache POI to mitigate 2 security vulnerabilities: CVE-2014-3529 & CVE-2014-3574. : Date: Tue, 26 Aug 2014 21:40:03 -0000 : From: Apache Wiki <[email protected]> : Reply-To: [email protected] : To: Apache Wiki <[email protected]> : Subject: [Solr Wiki] Update of "ReleaseNote410" by UweSchindler : : Dear Wiki user, : : You have subscribed to a wiki page or wiki category on "Solr Wiki" for change notification. : : The "ReleaseNote410" page has been changed by UweSchindler: : https://wiki.apache.org/solr/ReleaseNote410?action=diff&rev1=2&rev2=3 : : Comment: : Add CVE that are fixed by POI upgrade : : details. : : Solr 4.10.0 Release Highlights: : + : + * This release upgrades Solr Cell's (contrib/extraction) dependency : + on Apache POI to mitigate the following security problems: : + : + CVE-2014-3529: XML External Entity (XXE) problem in Apache POI's : + OpenXML parser : + Type: Information disclosure : + Description: Apache POI uses Java's XML components to parse OpenXML : + files produced by Microsoft Office products (DOCX, XLSX, PPTX,...). : + Applications that accept such files from end-users are vulnerable to : + XML External Entity (XXE) attacks, which allows remote attackers to : + bypass security restrictions and read arbitrary files via a crafted : + OpenXML document that provides an XML external entity declaration : + in conjunction with an entity reference. : + : + CVE-2014-3574: XML Entity Expansion (XEE) problem in Apache POI's : + OpenXML parser : + Type: Denial of service : + Description: Apache POI uses Java's XML components and Apache Xmlbeans : + to parse OpenXML files produced by Microsoft Office products (DOCX, : + XLSX, PPTX,...). Applications that accept such files from end-users : + are vulnerable to XML Entity Expansion (XEE) attacks ("XML bombs"), : + which allows remote hackers to consume large amounts of CPU resources. 
: : * Scripts for starting, stopping, and running Solr examples : : -Hoss http://www.lucidworks.com/
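
Review bot: The added highlight says the Apache POI dependency was upgraded "to mitigate the following security problems" but never names the POI version that Solr 4.10.0 now carries, so a reader cannot check whether the POI library in their contrib/extraction deployment is the fixed one; state that version in the first added bullet. In the CVE-2014-3574 description, "remote hackers" should read "remote attackers" to match the CVE-2014-3529 entry, and in both descriptions "which allows" should be "which allow", since the subject is "attacks". Both entries describe the exposure only as applications "that accept such files from end-users"; if the full descriptions are cut back for brevity, keep that condition and the two CVE identifiers in the shortened text, since those are what an operator needs to decide whether the upgrade is urgent.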
