[ https://issues.apache.org/jira/browse/SOLR-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tomás Fernández Löbbe resolved SOLR-10895.
------------------------------------------
Resolution: Duplicate
Thanks for reporting, Isabelle. There is already a Jira issue for this upgrade.
Feel free to comment there.
> Upgrade to Tika 1.14
> --------------------
>
> Key: SOLR-10895
> URL: https://issues.apache.org/jira/browse/SOLR-10895
> Project: Solr
> Issue Type: Improvement
> Security Level: Public (Default Security Level. Issues are Public)
> Affects Versions: 5.4.1, 6.6
> Reporter: Isabelle Giguere
>
> "Apache Tika before 1.14 allows Java code execution for serialized objects
> embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do
> native deserialization."
> A few links:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6809
> https://nvd.nist.gov/vuln/detail/CVE-2016-6809
> ******************
> This was originally reported by my employer's Security Analysis team.
> We are still on Solr 5.4.1. It would be good to know that this security
> issue could be fixed with an eventual Solr upgrade.