+1, Houston. That's my understanding as well. Please go ahead with the backport.
On Fri, 14 Feb, 2020, 9:02 PM Houston Putman, <[email protected]> wrote: > It looks like CVE-2019-17558 / SOLR-13971 has already been taken care of: > https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356 > > So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the > description in the JIRA, it looks like backporting > https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2 > should > be enough. Is this correct, or am I missing something? > > - HOuston > > On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl <[email protected]> > wrote: > >> I’m afraid I don’t have the bandwidth the next couple of weeks. >> >> Jan Høydahl >> >> > 13. feb. 2020 kl. 16:27 skrev Noble Paul <[email protected]>: >> > >> > Do you wish to backport them? >> > >> >> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl <[email protected]> >> wrote: >> >> >> >> According to NVD, there are at least two published CVEs that affects >> 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We >> cannot release 7.7.3 with these still present. >> >> >> >> Jan >> >> >> >> 13. feb. 2020 kl. 06:42 skrev Noble Paul <[email protected]>: >> >> >> >> I'm planning to back port SOLR-14013 and do a bug fix release soon. >> >> Please let me know if there is anything hat you wish to be included >> >> >> >> -- >> >> ----------------------------------------------------- >> >> Noble Paul >> >> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: [email protected] >> >> For additional commands, e-mail: [email protected] >> >> >> >> >> > >> > >> > -- >> > ----------------------------------------------------- >> > Noble Paul >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: [email protected] >> > For additional commands, e-mail: [email protected] >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >>
