Falde alarm, I needed to update my branch :) Jan Høydahl
> 14. feb. 2020 kl. 19:11 skrev Jan Høydahl <[email protected]>: > > What commit hash is the backport of SOLR-13971? I cannot find it and there > is no CHANGES entry…? > >> 14. feb. 2020 kl. 17:52 skrev Ishan Chattopadhyaya >> <[email protected]>: >> >> +1, Houston. That's my understanding as well. Please go ahead with the >> backport. >> >>> On Fri, 14 Feb, 2020, 9:02 PM Houston Putman, <[email protected]> >>> wrote: >>> It looks like CVE-2019-17558 / SOLR-13971 has already been taken care of: >>> https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356 >>> >>> So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the >>> description in the JIRA, it looks like backporting >>> https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2 >>> should be enough. Is this correct, or am I missing something? >>> >>> - HOuston >>> >>>> On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl <[email protected]> wrote: >>>> I’m afraid I don’t have the bandwidth the next couple of weeks. >>>> >>>> Jan Høydahl >>>> >>>> > 13. feb. 2020 kl. 16:27 skrev Noble Paul <[email protected]>: >>>> > >>>> > Do you wish to backport them? >>>> > >>>> >> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl <[email protected]> >>>> >> wrote: >>>> >> >>>> >> According to NVD, there are at least two published CVEs that affects >>>> >> 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We >>>> >> cannot release 7.7.3 with these still present. >>>> >> >>>> >> Jan >>>> >> >>>> >> 13. feb. 2020 kl. 06:42 skrev Noble Paul <[email protected]>: >>>> >> >>>> >> I'm planning to back port SOLR-14013 and do a bug fix release soon. >>>> >> Please let me know if there is anything hat you wish to be included >>>> >> >>>> >> -- >>>> >> ----------------------------------------------------- >>>> >> Noble Paul >>>> >> >>>> >> --------------------------------------------------------------------- >>>> >> To unsubscribe, e-mail: [email protected] >>>> >> For additional commands, e-mail: [email protected] >>>> >> >>>> >> >>>> > >>>> > >>>> > -- >>>> > ----------------------------------------------------- >>>> > Noble Paul >>>> > >>>> > --------------------------------------------------------------------- >>>> > To unsubscribe, e-mail: [email protected] >>>> > For additional commands, e-mail: [email protected] >>>> > >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [email protected] >>>> For additional commands, e-mail: [email protected] >>>> >
