I've backported SOLR-13669 <https://issues.apache.org/jira/browse/SOLR-13669>. After you add in SOLR-14013 Noble, we should be good to go with 7.7.3 I think.
- Houston On Fri, Feb 14, 2020 at 1:17 PM Jan Høydahl <jan....@cominvent.com> wrote: > Falde alarm, I needed to update my branch :) > > Jan Høydahl > > 14. feb. 2020 kl. 19:11 skrev Jan Høydahl <jan....@cominvent.com>: > > What commit hash is the backport of SOLR-13971? I cannot find it and > there is no CHANGES entry…? > > 14. feb. 2020 kl. 17:52 skrev Ishan Chattopadhyaya < > ichattopadhy...@gmail.com>: > > +1, Houston. That's my understanding as well. Please go ahead with the > backport. > > On Fri, 14 Feb, 2020, 9:02 PM Houston Putman, <houstonput...@gmail.com> > wrote: > >> It looks like CVE-2019-17558 / SOLR-13971 has already been taken care of: >> https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356 >> >> So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the >> description in the JIRA, it looks like backporting >> https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2 >> should >> be enough. Is this correct, or am I missing something? >> >> - HOuston >> >> On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl <jan....@cominvent.com> >> wrote: >> >>> I’m afraid I don’t have the bandwidth the next couple of weeks. >>> >>> Jan Høydahl >>> >>> > 13. feb. 2020 kl. 16:27 skrev Noble Paul <noble.p...@gmail.com>: >>> > >>> > Do you wish to backport them? >>> > >>> >> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl <jan....@cominvent.com> >>> wrote: >>> >> >>> >> According to NVD, there are at least two published CVEs that affects >>> 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We >>> cannot release 7.7.3 with these still present. >>> >> >>> >> Jan >>> >> >>> >> 13. feb. 2020 kl. 06:42 skrev Noble Paul <noble.p...@gmail.com>: >>> >> >>> >> I'm planning to back port SOLR-14013 and do a bug fix release soon. >>> >> Please let me know if there is anything hat you wish to be included >>> >> >>> >> -- >>> >> ----------------------------------------------------m >>> >> Noble Paul >>> >> >>> >> --------------------------------------------------------------------- >>> >> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org >>> >> For additional commands, e-mail: dev-h...@lucene.apache.org >>> >> >>> >> >>> > >>> > >>> > -- >>> > ----------------------------------------------------- >>> > Noble Paul >>> > >>> > --------------------------------------------------------------------- >>> > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org >>> > For additional commands, e-mail: dev-h...@lucene.apache.org >>> > >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org >>> For additional com-ands, e-mail: d%v-h...@lucene.apache.org >>> >>> >