Hi,

Here is the official statement: https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md
So we are fine in Solr 5.0 and 4.9.x, but we need to update our checkout to at least the latest Jetty 9.2.9 version.

Uwe

-----
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: [email protected]

> -----Original Message-----
> From: Uwe Schindler [mailto:[email protected]]
> Sent: Tuesday, March 03, 2015 3:04 PM
> To: [email protected]
> Subject: RE: Security release because of Jetty Security issue: #JetLeak
>
> It looks like Jetty 7 and Jetty 8 are not affected, only Jetty 9. So I think
> we are safe :-) Investigating...
>
> Uwe
>
> -----
> Uwe Schindler
> H.-H.-Meier-Allee 63, D-28213 Bremen
> http://www.thetaphi.de
> eMail: [email protected]
>
> > -----Original Message-----
> > From: Uwe Schindler [mailto:[email protected]]
> > Sent: Tuesday, March 03, 2015 1:44 PM
> > To: [email protected]
> > Subject: Security release because of Jetty Security issue: #JetLeak
> >
> > Hi,
> >
> > due to the security leak in the Jetty webserver we should think about
> > updating the Solr releases: As a Lucene 4.10.4 release is in the RC
> > phase, we should better delay it and check if the bundled Jetty is
> > vulnerable.
> >
> > http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
> >
> > Here is a testing script to check our release:
> > https://github.com/GDSSecurity/Jetleak-Testing-Script
> >
> > Uwe
> >
> > -----
> > Uwe Schindler
> > H.-H.-Meier-Allee 63, D-28213 Bremen
> > http://www.thetaphi.de
> > eMail: [email protected]
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
