: The problem: The CVE numbers are not yet filled with contents, so nobody : knows what's the problem by supplying the numbers only. The CHANGES.txt : also does not mention details. In addition, fixes for security issues : should in any case be mentioned in the release notes.
true true ... since we already published a big notice about this issue w/all of the details, how about just linking to those details from the release highlights? Particularly since it will help evangalize a URL with the details even for people who might not want to upgrade right away (but might have missed the previous notice). ie... * This release upgrades Solr Cell's (contrib/extraction) dependency on Apache POI to mitigate 2 security vulnerabilities: http://s.apache.org/solr-cell-security-notice ? -Hoss http://www.lucidworks.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
