What commit hash is the backport of SOLR-13971? I cannot find it and there is no CHANGES entry…?
> 14. feb. 2020 kl. 17:52 skrev Ishan Chattopadhyaya > <ichattopadhy...@gmail.com>: > > +1, Houston. That's my understanding as well. Please go ahead with the > backport. > > On Fri, 14 Feb, 2020, 9:02 PM Houston Putman, <houstonput...@gmail.com > <mailto:houstonput...@gmail.com>> wrote: > It looks like CVE-2019-17558 / SOLR-13971 has already been taken care of: > https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356 > > <https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356> > > So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the > description in the JIRA, it looks like backporting > https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2 > > <https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2> > should be enough. Is this correct, or am I missing something? > > - HOuston > > On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl <jan....@cominvent.com > <mailto:jan....@cominvent.com>> wrote: > I’m afraid I don’t have the bandwidth the next couple of weeks. > > Jan Høydahl > > > 13. feb. 2020 kl. 16:27 skrev Noble Paul <noble.p...@gmail.com > > <mailto:noble.p...@gmail.com>>: > > > > Do you wish to backport them? > > > >> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl <jan....@cominvent.com > >> <mailto:jan....@cominvent.com>> wrote: > >> > >> According to NVD, there are at least two published CVEs that affects 7.7.2 > >> (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We cannot > >> release 7.7.3 with these still present. > >> > >> Jan > >> > >> 13. feb. 2020 kl. 06:42 skrev Noble Paul <noble.p...@gmail.com > >> <mailto:noble.p...@gmail.com>>: > >> > >> I'm planning to back port SOLR-14013 and do a bug fix release soon. > >> Please let me know if there is anything hat you wish to be included > >> > >> -- > >> ----------------------------------------------------- > >> Noble Paul > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org > >> <mailto:dev-unsubscr...@lucene.apache.org> > >> For additional commands, e-mail: dev-h...@lucene.apache.org > >> <mailto:dev-h...@lucene.apache.org> > >> > >> > > > > > > -- > > ----------------------------------------------------- > > Noble Paul > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org > > <mailto:dev-unsubscr...@lucene.apache.org> > > For additional commands, e-mail: dev-h...@lucene.apache.org > > <mailto:dev-h...@lucene.apache.org> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org > <mailto:dev-unsubscr...@lucene.apache.org> > For additional commands, e-mail: dev-h...@lucene.apache.org > <mailto:dev-h...@lucene.apache.org> >